rjsf-team / react-jsonschema-form

A React component for building Web forms from JSON Schema.
https://rjsf-team.github.io/react-jsonschema-form/
Apache License 2.0
14.38k stars 2.19k forks source link

The UISchema "ui:description" no longer supports the <small> tag #4328

Open felipecarrillo100 opened 1 month ago

felipecarrillo100 commented 1 month ago

Prerequisites

What theme are you using?

React-Bootstrap

Version

"@rjsf/core": "^5.21.1",
"@rjsf/react-bootstrap": "^6.0.0-alpha.0",

Current Behavior

The description markdown no longer supports the tag \<small> , it used to work in previous versions but currently it doesn't work. You can witness this in your own playground. { "lastName": { "ui:autocomplete": "given-name", "ui:enableMarkdownInDescription": true, "ui:description": "Make things bold or italic. Embed snippets of code. \<small>And this is a small texts.\</small> " }, }
Renders to: Make things bold or italic. Embed snippets of code. \<small>And this is a small texts.\</small>

Expected Behavior

The correct rendering should be: Make things bold or italic. Embed snippets of code. And this is a small texts.

Where "And this is a small texts." in smaller size and tag is not printed to screen

Steps To Reproduce

You can reproduce this in your own ONLINE playground. Just go to urL https://rjsf-team.github.io/react-jsonschema-form/

Take the sample "Simple" and look at the "A registration form", Input "Last Name". You will see the "small" tag is printed as text: \<small>And this is a small texts.\</small>. The \<small> tag is printed as text instead of being used as format.

Environment

- OS:
- Node:
- npm:

Anything else?

No response

heath-freenome commented 1 month ago

@felipecarrillo100 We disabled raw html rendering in markdown to avoid xss attacks in #4256 and may have been overcautious in applying it to the enableMarkdownInDescription capability. That said, I think we may want to add a new feature to allow someone to explicitly allow potentially unsafe html in a manner similar to how react does it. Essentially, update the enableMarkdownInDescription flag to take another value besides true/false. allowUnsafeHTML. Is that something you are willing to implement?