Opening this issue as a reminder that the <s> tag shouldn't be escaped anymore.
I've been informed that, starting from tomorrow, Matrix protocol specification strongly suggests clients to permit a set of HTML tags, now again including s, as detailed here.
Clients should limit the HTML they render to avoid Cross-Site Scripting, HTML injection, and similar attacks. The strongly suggested set of HTML tags to permit, denying the use and rendering of anything else, is: del, h1, h2, h3, h4, h5, h6, blockquote, p, a, ul, ol, sup, sub, li, b, i, u, strong, em, s, code, hr, br, div, table, thead, tbody, tr, th, td, caption, pre, span, img, details, summary.
Opening this issue as a reminder that the
<s>
tag shouldn't be escaped anymore.I've been informed that, starting from tomorrow, Matrix protocol specification strongly suggests clients to permit a set of HTML tags, now again including
s
, as detailed here.— @travis:t2l.io
— Client-Server API | Matrix Specification
Outcome
Currently, sending
<s>Strikethrough</s>
results in posting\<s>Strikethrough\</s>
.Operating system
Windows/Web
Application version
Future