Open Tidyl opened 9 years ago
Works fine here: http://plnkr.co/edit/uieJw9PB3QdUiZfKxOwH?p=preview
@pbassut You have quotes around the URL in your example.
We're taking input from users, a few of which decided to do something like
<http://plnkr.co/edit/r5hYZvsRSEhcX0MMCiIh?p=preview>
in their content. The sanitizer appears to read this as a bad HTML tag and no content shows up.
Another example where I'm seeing a similar issue the HTML has:
My Name (me@email.com<mailto:me@email.com>)
Sorry, but this is not possible in so many ways. And the editor is right to wipe it out. Because:
mailto
is not a tag. It's a link.Note that this is supported fine if you use the view editor. But of course they're not supported when messing with the HTML part.
I could say you can override the default sanitizer. But the way you wanna do, there isn't a specific tag you want to allow. It's very arbitrary.
I think it's more an issue of something that should be recognized as plain text being recognized as a tag and then the sanitizer chooses to display nothing at all for the entire HTML. What I'm suggesting is basically something enclosed in angle brackets with no closing tag be treated as plaintext instead. Would that be possible?
In the HTML? No. As I said, it doesn't make much sense. I'm afraid that won't happen even when using the sanitizer. Now if you're talking about including these things enclosed in angle brackets in the "view editor", then it should work fine. If that's not working, now that's a problem. Let me know, please.
Here's an example of the data that I received. I'm trying to use the sanitizer on this data:
GRB 150902A: Fermi-LAT detection<br/><br/>M. Arimoto (Tokyo Tech), M. Axelsson (KTH Stockholm), J. Racusin (NASA/GSFC), E. Bissaldi (INFN Bari),D. Kocevski (NASA/GSFC) report on behalf of the Fermi-LAT team:<br/><br/>At 17:35:39.37 UT on 2015-09-02, Fermi-LAT detected high-energy emission from GRB 150902A,which was also detected by Fermi-GBM (trigger 462908143/150902733).<br/><br/>The best LAT on-ground location is found to be<br/><br/>RA, Dec = 214.926, -69.361 degrees (J2000)<br/><br/>with an error radius of 0.127 deg (90% containment, systematic error only). This was 38 degfrom the LAT boresight at the time of the trigger and triggered an autonomous repoint of thespacecraft.<br/><br/>The data from the Fermi-LAT show a significant increase in the event rate that is spatially andtemporally correlated with the GBM emission. More than 50 photons above 100 MeV and 9photons above 1 GeV were observed within 300 seconds. The highest-energy photon is a 11 GeVevent which is observed ~100 seconds after the GBM trigger.<br/><br/>A Swift ToO has been requested for this burst.<br/><br/>The Fermi-LAT point of contact for this burst is Daniel Kocevski (daniel.kocevski@nasa.gov<mailto:daniel.kocevski@nasa.gov>).<br/><br/>The Fermi-LAT is a pair conversion telescope designed to cover the energy band from 20 MeVto greater than 300 GeV. It is the product of an international collaboration between NASA andDOE in the U.S. and many scientific institutions across France, Italy, Japan and Sweden.
This is sent from an external source no submitted through the view editor.
So, you say the editor is not parsing this correctly when you set the html to this value?
If you try setting that as the HTML in your example above it errors out and returns nothing.
Yeah. I think the html should be "fixed" when this sort of html is pasted. This is a big enhancement though. Thanks for letting us know.
If you have content that contains plain text of the form <'someURL'> it assumes this is HTML. Could this case be fixed? I don't think the use of angle brackets shouldn't determine their contents as a markup.