ShadowJonathan
commented
3 years ago (I was the one who encountered this bug, ask me further diagnostic questions if necessary)
Open deepbluev7 opened 3 years ago
ShadowJonathan
commented
3 years ago (I was the one who encountered this bug, ask me further diagnostic questions if necessary)
lmamane
commented
3 years ago Reproduced in version 1.3.6
lmamane
commented
3 years ago Additionally, the user has no way to work around this; entering e.g. <element> shows <element> in the message, not <element>.
Funnily enough, the "<element>" message is sent as a plain msgtype:m.text with no format nor formatted_body field, while the "<element>" that gets removed is inside a message with format:org.matrix.custom.html and a formatted_body.
lmamane
commented
3 years ago I found a work-around: type as a message: <foo>put your message with <client> there This will display as: put your message with <client> there The first "<foo>" is just to trigger treating the message as format:org.matrix.custom.html
Still, that is all deep geekery; the message should just display as it was typed by the user, always.
Describe the bug If you accidentally add an inline tag, that isn't an actual HTML tag inside a message, like
<client>, that gets stripped by cmark since version 0.29.0 and repaced with<!-- raw HTML omitted -->.Example:
This is probably surprising to users. I'd recommend to instead set the unsafe flag and escape all html not safelisted in the matrix spec, so that
<client>gets sent as<client>and it shows up as users expected. Alternatively the comment could at least be removed, but that is very confusing imo.To Reproduce Steps to reproduce the behavior:
<element><!-- raw HTML omitted -->is sent.Expected behavior
<element>is sent.Smartphone (please complete the following information):
Additional context Ask @deepbluev7:neko.dev, if you have any further questions. I implemented the same stuff in Nheko and I am just assuming you are using cmark from the output. ;-)