Open ghost opened 10 years ago
Er... so this basically assumes that the API client making the submissions is submitting safe HTML. I think we should document this in the API, possibly even changing the name of the field to descriptionHTML to make sure clients understand that they need to do any escaping/sanitization/etc beforehand if necessary. Ideally, though, I'd rather we support a subset of HTML that we sanitize, or perhaps allowing Markdown descriptions and sanitizing them through something like PageDown.
Yeah, I kind of had the same concern, but unfortunately this is going live today, and we needed links in the badge descriptions. I believe Chris said the Aestimia side of this is less critical, though, so perhaps we can ignore it for now.
Allows HTML in submission achievement descriptions (i.e. badge descriptions).
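An added example, not code from this thread or from the project: one way to get links into badge descriptions without trusting client-supplied HTML is to escape the whole description and turn only Markdown-style `[text](url)` links into anchors. It narrows the Markdown idea raised above to links only and does not use PageDown; the function names `escapeHtml`, `safeHref` and `renderDescription` are hypothetical.

```javascript
// Added example (hypothetical names, not the project's code).
// Policy: every character of the description is HTML-escaped; the only markup
// ever emitted is <a> for [text](url) links whose URL is absolute http(s).

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Returns a normalized URL string, or null if the URL is relative,
// unparseable, or uses a scheme other than http/https (e.g. javascript:).
function safeHref(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return null;
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  return url.href;
}

// [link text](url): text may not contain "]" or newlines, url may not
// contain ")" or whitespace.
const LINK = /\[([^\]\n]*)\]\(([^)\s]*)\)/g;

function renderDescription(input) {
  const src = String(input);
  let out = '';
  let last = 0;
  for (const m of src.matchAll(LINK)) {
    out += escapeHtml(src.slice(last, m.index)); // plain text before the link
    const href = safeHref(m[2]);
    if (href) {
      out += '<a href="' + escapeHtml(href) + '" rel="noopener noreferrer">' +
             escapeHtml(m[1]) + '</a>';
    } else {
      out += escapeHtml(m[0]); // rejected link stays visible as literal text
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(src.slice(last));
}
```

Because escaping happens on output, the stored description stays plain text and the field does not need to be treated as HTML by API clients.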