is there a way to escape text displayed as a string to be interpreted as html

[Ognian]

Hello, I would like to be able to enter html in a data text string. Such a string is normally escaped, but is there a way to intentionaly unescape it...

[Ognian]

One way would be to enter the text in markdown and implement format:markdown ...

[geraintluff]

That's tricky, because displaying arbitrary HTML has security problems.

If it's internal data, then you could create a custom renderer, like:

Jsonary.render.register({
    renderHtml: function (data, context) {
        // ideally, this should be sanitizeHtml(data.get());
        return data.get();
    },
    filter: {
        type: "string",
        readOnly: true,
        filter: function (data, schemas) {
            return schemas.containsFormat('html');
        }
    }
});

If you know of a good JavaScript-based HTML sanitisation library, then it would be no problem, and it could be added as one of the extra renderers.

[geraintluff]

For "format": "markdown", I wrote this renderer here: https://github.com/jsonary-js/jsonary-site/blob/master/renderers/markdown-hack.js

It doesn't accept any HTML (it uses Jsonary.escapeHTML(...) before passing it to the Markdown parser).

There's also this one, which uses either markdown-js or PageDown, depending on which is available in the environment.

[Ognian]

Thanks a lot, I'm going now with the markdown solution. At the moment I need only html links so I let the markdown lib generate them and then I'm modifying the tag in an usable way for my app (specifying a target iframe where to go) etc... I started with PageDown since the editor could be an option, but I'm not sure if marked isn't the better solution... When I'll get a good solution I'll contribute back to jsonary ...