search

globaleaks / globaleaks-whistleblowing-software

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.
https://www.globaleaks.org
Other
1.26k stars 276 forks source link

On release 5 injection of images via Markdown seem not working #4341

Open elbill opened 3 days ago

elbill commented 3 days ago

What version of GlobaLeaks are you using?

5.0.32

What browser(s) are you seeing the problem on?

Chrome

What operating system(s) are you seeing the problem on?

Windows

Describe the issue

In version 4 markdown was enabled in question descriptions. This is no longer the case and only links show active as pached following issue #4340. I had some markdown implementations in description showing odd now.

Proposed solution

I would suggest bringing back markdown in question descriptions as well as enabling it in other elements such as information showing after selecting specific question and blocked question.

evilaliv3 commented 3 days ago

@elbill : actually markdown is enabled on question description.

would you please provide an example of the syntax that you are using and the output that you are getting?

elbill commented 3 days ago

It used to render the images as links to an external platform. now the markdown code shows as in the example

Doping Cipher

image

image

elbill commented 3 days ago

So i was using thumdnails as links to external elearning content. The thumbnail images dont show any more.

evilaliv3 commented 3 days ago

Are you using markdown or html?

Maybe you were using some html tags and the old component was accepting it?

elbill commented 3 days ago

What is the following. This what I was using image it showed the thumbnails perfectly

evilaliv3 commented 2 days ago

Thank you @elbill.

I just retried with this code and it works like a charm [![Doping center](/s/image.png)](https://www.google.it)

Please check your browser console to understand the problem on your browser. Maybe the issue is caused by the revision of you content-security-policy that may have introduced some errors?

P.S. if possible when provided code like the above please do a simple code paste of the code as it make it more fast to test the code without having to manually read and type all the provided code. thank you!!

elbill commented 2 days ago

havent made any modification in CSP. please check: https://fraudline.try.globaleaks.org/#/ landing page and questionaire I'm providing password in slack

evilaliv3 commented 2 days ago

Thank you.

The bug comes from the combination of images and links and seems to be related to this commit: https://github.com/globaleaks/globaleaks-whistleblowing-software/commit/a6bd235fd84b344b6b11718cefa1ccad806ac72e

evilaliv3 commented 2 days ago

Corrected and the fix will be included in 5.0.33