Open andrewbattista opened 3 years ago
Hi @andrewbattista, I'm just seeing this one now.
1) Did you use the deposit form for creating the record? If so, it's the JavaScript WYSIWYG editor that injects the <p> tags.
The description field is a rich text field so that users can use bullets, bold, etc. for the description of their record. The field is sanitised on storage (via whitelisting) to avoid XSS injections. The API delivers the full description so that a frontend API can also correctly render the description with bolds, italics, etc.
It's possible that we can create another JSON format that, on output, strips all tags from the description field. We do that e.g. in the application/vnd.inveniordm.v1+json format.
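An added example, not part of the original comment and not InvenioRDM's code: a minimal sketch of the two behaviours described above, allow-list sanitisation on storage and a tag-stripped plain-text rendering on output. The tag lists, function names and sample input are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed lists for illustration; not InvenioRDM's actual configuration.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "ul", "ol", "li", "br"}
BLOCK_TAGS = {"p", "ul", "ol", "li", "br"}  # become a space in plain text
DROP_CONTENT = {"script", "style"}          # text inside is discarded too

class _Filter(HTMLParser):
    """Re-emit input as allow-listed HTML (keep_tags) or as plain text."""
    def __init__(self, keep_tags):
        super().__init__(convert_charrefs=True)
        self.keep_tags, self.out, self.skip_depth = keep_tags, [], 0

    def _emit(self, tag, markup):
        if self.keep_tags and tag in ALLOWED_TAGS:
            self.out.append(markup)      # attributes are never copied
        elif not self.keep_tags and tag in BLOCK_TAGS:
            self.out.append(" ")         # keep words from running together

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif not self.skip_depth:
            self._emit(tag, f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag != "br":
            self._emit(tag, f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            # Re-escape text when emitting HTML; plain text stays decoded.
            self.out.append(escape(data, quote=False) if self.keep_tags else data)

def _run(html, keep_tags):
    f = _Filter(keep_tags)
    f.feed(html)
    f.close()
    return "".join(f.out)

def sanitize_for_storage(html):
    """Storage side: keep only allow-listed tags, drop every attribute."""
    return _run(html, keep_tags=True)

def description_as_text(html):
    """Output side: strip all tags and collapse whitespace."""
    return " ".join(_run(html, keep_tags=False).split())

# Constructed sample description, not taken from a real record.
SAMPLE = ('<p onclick="x()">Survey of <b>NYC</b> parcels</p>'
          '<script>alert(1)</script><ul><li>2019</li><li>2020 &amp; later</li></ul>')
```

The plain-text form is decoded text, so a client that later places it into an HTML page still has to escape it at that point.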
@lnielsen - Yes, I did use the deposit form, and yes, it would be great to create a format that strips all tags. However, I think this is an issue that may have been fixed with the version 4 release (or maybe version 5) because it's not injecting those tags anymore. But if not, better to leave this on the radar.
API response returns HTML encoding for description field
When users expose the JSON record on the item show page, or when users expose the record via the api/records/ call via the URL, the response injects HTML markup into the response of the "description" element. This should not happen.
Expected behavior
The API should return a JSON plaintext response that does not inject HTML markup into the response, especially when none existed previously.
Example
Here is an output of a sample record