Closed elsoazemelet closed 3 months ago
Visit the preview URL for this PR (updated for commit 84e315f):
https://profile-cloud-dev--pr75-feat-image-r707ty1h.web.app
(expires Mon, 10 Jun 2024 16:40:43 GMT)
🔥 via Firebase Hosting GitHub Action 🌎
Sign: 2a004f867edf1347070dd9beedb18755187a6d4e
Works as expected; however, it seems unsafe to store arbitrary HTML in the database and then just render it in someone else's session (XSS). Checked the store JSON file and it has HTML elements and an inline data image. Even if we escape HTML tags in the front-end we won't be able to safely store it in DB because back-end data sanitization will be implemented. After that the image tags will not ever render again. :(
Suggestion: only use markdown image tag to store the image! This is already supported by the chosen markdown renderer!
example:
```markdown
# Example with Inline Image
This is an example of an image (red circle) embedded directly in the Markdown file using base64 encoding.
![Inline Image](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==)
You can see the image above.
```
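Added example, not part of this PR or the project's code: a back-end check in the spirit of the suggestion above, accepting Markdown image tags that carry base64 data URIs and rejecting descriptions that contain raw HTML. The function name `checkDescription`, the MIME allowlist and the size cap are assumptions.

```javascript
// Hypothetical server-side validator for a Markdown description field.
// Assumed policy: inline images only as ![alt](data:<raster type>;base64,...),
// no raw HTML anywhere, no remote or reference-style images.
const ALLOWED_MIME = new Set(["image/png", "image/jpeg", "image/gif", "image/webp"]);
const MAX_IMAGE_BYTES = 256 * 1024; // assumed cap per inline image

// Capture everything between the parentheses so titles, spaces and other
// URL schemes fail the strict data-URI match below instead of slipping by.
const MD_IMAGE = /!\[([^\]]*)\]\(([^)]*)\)/g;
const DATA_URI = /^data:([a-z]+\/[a-z0-9.+-]+);base64,([A-Za-z0-9+/]+={0,2})$/;

function checkDescription(markdown) {
  const errors = [];
  // Replace each image with its alt text: the base64 payload is validated
  // here, while the alt text stays in the string for the HTML scan.
  const text = markdown.replace(MD_IMAGE, (_match, alt, target) => {
    const m = DATA_URI.exec(target);
    if (!m) {
      errors.push("image target is not a base64 data URI");
    } else if (!ALLOWED_MIME.has(m[1])) {
      errors.push(`image type not allowed: ${m[1]}`);
    } else if (m[2].length % 4 !== 0) {
      errors.push("malformed base64");
    } else if (Buffer.from(m[2], "base64").length > MAX_IMAGE_BYTES) {
      errors.push("image too large");
    }
    return alt;
  });
  // Image syntax the pattern above did not consume (reference-style, broken).
  if (text.includes("![")) errors.push("unsupported image syntax");
  // Conservative: any '<' that could open a tag, comment or declaration.
  if (/<[a-zA-Z\/!?]/.test(text)) errors.push("raw HTML is not allowed");
  return { ok: errors.length === 0, errors };
}

// Constructed sample: the payload is only the 8-byte PNG signature.
const sample = "Profile notes\n![Inline Image](data:image/png;base64,iVBORw0KGgo=)\n";
console.log(checkDescription(sample));
```

This validates what gets stored; the renderer still has to be configured so that raw HTML in Markdown is escaped rather than passed through.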
Closes #73
Usage: Copy image data to clipboard then paste it into the description field