🚩PR: Images can be added to description

elsoazemelet commented 3 months ago

Closes #73

Usage: Copy image data to clipbard then paste it into the description field

github-actions[bot] commented 3 months ago

Visit the preview URL for this PR (updated for commit 84e315f):

https://profile-cloud-dev--pr75-feat-image-r707ty1h.web.app

_{(expires Mon, 10 Jun 2024 16:40:43 GMT)}

_{🔥 via Firebase Hosting GitHub Action 🌎}

_{Sign: 2a004f867edf1347070dd9beedb18755187a6d4e}

SukuWc commented 3 months ago

Works as expected however it is seems unsafe to store arbitrary HTML in database and then just rendering it in someone else's session (XSS). Checked the store JSON file and it hase HTML elements and inline data image. Even if we escape HTML tags in the front-end we won't be able to safely store it in DB because back-end data sanitization will be implemented. After that the image tags will not ever render again. :(

Suggestion: only use markdown image tag to store the image! This is already supported by the chosen markdown renderer!

example:

# Example with Inline Image

This is an example of an image (red circle) embedded directly in the Markdown file using base64 encoding.

![Inline Image](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==)

You can see the image above.

intechstudio / profile-cloud

🚩PR: Images can be added to description #75