wefork / wekan

The open-source Trello-like kanban (built with Meteor)
https://wekan.io
MIT License

HTML code entered in card description or comments is not escaped #53

Closed HLFH closed 7 years ago

HLFH commented 7 years ago

Hi,

Wekan related issue: https://github.com/wekan/wekan/issues/556

Any HTML code that is entered in a card's description or comments is not escaped and instead is parsed by the browser. The card title escapes HTML code properly. This allows external resources to be embedded in the page instead of attached, including iframes. This also makes using Wekan to track development of HTML code very difficult, as everything entered has to be manually escaped. If this is intentional, then please provide an option to turn code escaping on and off.

Please support HTML code within some markdown.
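The escape-before-render behaviour the report asks for, as an added example that is not part of the original thread and is not Wekan's code. `escapeHtml` and `renderCardText` are hypothetical names, the sample inputs are constructed, and the markdown handling is limited to inline code spans and fenced blocks.

```javascript
// Added example, not Wekan code: escape user text first, then emit only
// the tags the renderer itself generates.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Replace every character that could open a tag, attribute or entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical renderer for a card description or comment.
// Escaping runs over the whole input before any markdown handling, so a
// typed <iframe> is shown as text whether or not it sits inside code.
function renderCardText(input) {
  const escaped = escapeHtml(input);
  // One pass: fenced block (three backticks) or inline code span.
  const codePattern = /`{3}\n?([\s\S]*?)`{3}|`([^`\n]+)`/g;
  return escaped.replace(codePattern, (match, block, inline) =>
    block !== undefined
      ? `<pre><code>${block}</code></pre>`
      : `<code>${inline}</code>`
  );
}

// Constructed sample inputs.
const FENCE = '`'.repeat(3);
const SAMPLES = [
  '<iframe src="https://example.invalid/"></iframe>',
  'Use `<b>` for bold',
  `${FENCE}\n<div class="card"></div>\n${FENCE}`,
];

for (const sample of SAMPLES) {
  console.log(renderCardText(sample));
}
```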

HLFH commented 7 years ago

Hum. I'm testing it right now again and it seems it works within some markdown. Can you confirm it from your side? So then we will close https://github.com/wekan/wekan/issues/556 and https://github.com/wefork/wekan/issues/53

Thanks!

xet7 commented 7 years ago

This issue was moved to wekan/wekan#801