search

cryptee / web-client

Cryptee's web client source code for all platforms.
https://crypt.ee
Other
444 stars 22 forks source link

[Bug] Markdown importer ignores italics #123

Closed quenousimporte closed 3 years ago

quenousimporte commented 3 years ago

Describe the bug Italics are lost when importing a markdown file

To Reproduce Steps to reproduce the behavior:

  1. on your desktop create a markdown file with italics (using either undescores or asterisks)
  2. in cryptee import the markdown file
  3. click the markdown file to convert it to a cryptee document Italics are lost

Expected behavior Keep italics!

Screenshots italics1 italics2

johnozbay commented 3 years ago

Wow nice catch! Thanks a lot filing this!

We're looking into this right now as we speak, and checking to see:
a) why it's happening b) how come our automated tests didn't catch this.

We're going to update our automated tests and try to patch this with the upcoming bug-fix release latest within a day or two.

Many thanks,

J

johnozbay commented 3 years ago

Alright found what's causing the bug. πŸŽ‰

In February we started extensively checking all imported content for potentially malicious code to prevent code execution attacks. So that if someone sends you an html or markdown file with embedded js in it, and convince you to open it in Cryptee, they can't steal your keys etc.

Long story short, our sanitizer was looking for <I> for "italic" but not <em> (for emphasis) – however our markdown importer was converting italics to <em>. πŸ€¦πŸ»β€β™‚οΈ So we've just added em into our sanitizer's allowed tags list, and it's fixed now.

We pushed out the fix to beta.crypt.ee just now. If possible head over to beta, go into account settings, and make sure your version is 850f966 and try importing the markdown file again to see if it's indeed fixed.

It seems to pass all our updated(!) automated tests. If you give it a green light as well, we'll push these fixes out to live in a few hours.

I've linked this issue to our internal issue/release tracker. Once the update with this fix is out in the live version this issue will be closed automatically, and you'll get a notification!

Thank you so much for your help and patience in the meantime! Deeply appreciate this!

Looking forward to your confirmation,

J

quenousimporte commented 3 years ago

Yay it works! πŸ’ƒπŸ½

Capture d’écran 2021-06-01 141438

I also tested with some of my "real" documents and it looks fine.

Thank you so much for your quick action and explanations!

johnozbay commented 3 years ago

Wohooo! πŸŽ‰ Happy to hear it works! And you're very welcome! Thank you! ~(used markdown italic for this emphasis ha!)~

We're consolidating a few other bug fixes into the upcoming update, and will release a patch for this soon.

In the meantime, you can import using beta, and documents should open as expected even in the live version after you imported them.⚑️

Many thanks for this once again!

johnozbay commented 3 years ago

This should be fixed in the live version now! woohoo! Let me know if it comes back to haunt us again! 🦟🦟🦟🦟

Thanks again!πŸ™πŸ»