st-h / ember-content-editable

A contenteditable component for ember-cli that just works™
MIT License
66 stars 31 forks

Handle HTML content as HTML content and not as plain text #30

Closed mpanic closed 6 years ago

mpanic commented 7 years ago

If you use this with the idea to store HTML content in the DB, this fix enables it to display proper HTML content in the ember-content-editable component when it loads from the DB for the first time.

mpanic commented 7 years ago

@chrissloey: Looks like tests are failing regardless of the commit. How does one get the PR reviewed/accepted?

st-h commented 6 years ago

Hey @mpanic. I have taken over this addon. Are you trying to actually render html within the contenteditable, or is this an issue with text containing html tags?

In case of the latter, there is a test which passes:

test('isText=false preserves html', function(assert) {
  assert.expect(1);
  this.set("value", "<b>baller</b>");
  this.render(hbs`{{content-editable value=value placeholder="bananas" isText=false}}`);

  assert.equal(this.get("value"), "<b>baller</b>", "html not stripped from value");
});

Would you mind checking that? Please note that this seems to use the legacy parameter isText instead of setting type. Will look into that later (feel free to submit a PR if you feel like helping).

In case of the first one, unescaped user input is a security issue. And I would rather not add this as this might get quite dangerous if not handled with a lot of care. Actually frameworks like ember work quite hard to make this secure by default.

I'm going to close this issue for now. Please open a new one in case there is an issue with the current test.
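
The distinction drawn in the comment above, as an added example that is not part of the thread or of ember-content-editable's code: stored markup is escaped in full, and only a fixed allowlist of attribute-less formatting tags is restored before the string is rendered as HTML. The function names, the allowlist and the sample strings are assumptions constructed for illustration.

```javascript
// Added example (not the addon's code). Escape-first, allowlist-restore:
// every character of the stored value is neutralised, then only exact,
// attribute-less formatting tags are turned back into markup.

// Assumption: the formatting tags an editor might want to keep.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'u', 'br'];

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Text mode: the value is shown literally, tags included.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Matches an escaped tag only in the forms <tag>, </tag> or <tag/>.
// Anything carrying attributes (onclick, style, href ...) never matches,
// so it stays escaped and inert.
const RESTORE = new RegExp(
  `&lt;(/?)(${ALLOWED_TAGS.join('|')})\\s*(/?)&gt;`, 'gi');

// HTML mode: safe to assign to the editable element's innerHTML.
function sanitizeStoredHtml(stored) {
  return escapeHtml(stored).replace(RESTORE, (_match, close, tag, selfClose) =>
    `<${close}${tag.toLowerCase()}${selfClose}>`);
}

// Constructed sample values, as they might come back from the database.
const samples = [
  '<b>baller</b>',
  '<b onclick="x()">hi</b>',
  '<script>alert(1)</script>',
  'a < b & c',
];

for (const value of samples) {
  console.log('stored :', value);
  console.log('text   :', escapeHtml(value));
  console.log('html   :', sanitizeStoredHtml(value));
}
```

An unbalanced allowed tag (an opening `<b>` with no close) is restored as-is; the browser closes it at the end of the container, so the effect is cosmetic rather than a script-execution risk.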