Markdown Support and Url parsing

sdslabs / jinora

Slack webhook app to create anonymous public channels

https://chat.sdslabs.co

88 stars 10 forks source link

Markdown Support and Url parsing #52

Closed csoni111 closed 7 years ago

csoni111 commented 7 years ago

Resolves #48

Adds Markdown support by using showdown
Also converts any url in the message to <a href="url" target="_blank">url</a>

csoni111 commented 7 years ago

Now the code to process markdown in the message is on the server side, instead of on the client side. Also I have added a list of allowed html tags and attributes for respective tags. This will limit markdown support and also help cope xss attack.

csoni111 commented 7 years ago

If a user passes <del>Hello</del> into message box. This will be seen in the chat as <del>Hello</del> and not as ~~Hello~~ . It's because on passing it through the showdown js, the html tags will be escaped like this <del>Hello</del>. So no harm can be done!

captn3m0 commented 7 years ago

@csoni111 Anything left on this?

csoni111 commented 7 years ago

@captn3m0 Not from my side! I was hoping someone would merge it.