search

muonw / muonw-powertable

▦ PowerTable is a Svelte component that turns JSON data into an interactive HTML table. Inspired by DataTables. Powered by Svelte.
https://muonw.github.io/muonw-powertable/
Other
220 stars 13 forks source link

Invalid HTML tags are not escaped #7

Closed muonw closed 2 years ago

muonw commented 2 years ago

Describe the bug When HTML parsing is allowed (that is when the property parseAs in ptInstructs is set to unsafe-html), the invalid tags such as <? are not escaped and can prevent proper rendering.

To Reproduce Steps to reproduce the behavior:

  1. Go to https://muonw.github.io/powertable/examples/example8
  2. Click on the checkbox of the first row
  3. Add <? to the beginning of a field
  4. Click on the check mark to finalize the edit
  5. The edited field will appear empty

Expected behavior The content of the edited field, including <?, should be displayed

muonw commented 2 years ago

The logic of escaping mechanism depends of user's specific requirements and may be incorporated via ptOptions.userFunctions.customParse.