Comments (4)
These problems all relate to the fact that I rely on two different Markdown libraries, and one of them is quite "basic" (the "HTML to Markdown" one) :
- it doesn't handle nested lists
- it doesn't handle well unsupported HTML tags on input. For security reasons, the remaining tags are entitied, even if they should be stripped
So I'll probably stop using Markdown libraries when input and output are both HTML. I already worked on a small library that cleans HTML so I'll probably use it in Jotter to fix that. We will still be as limited in allowed html tags (p, ul/ol/li, h1-h6, a, strong, em and some others), but there shouldn't remain any of those bugs.
And I'll propose an option for those who want to use Markdown as an input.
PS: it's been quite a long time since the previous version. I was kind of stucked on javascript issues that needed to be resolved before working on parsing and Markdown problems. But I'll be back on it as soon as today.
PPS: thanks for reporting these issues :)
from jotter.
Great, I wish you the best for your JS issues !
from jotter.
Do you have a planned date for fixing this bug ? This is a a pretty hard one, and it makes the use of jotter nearly impossible with nested lists.
Note that I don't want to be insistent, I just want to know if you plan to fix it or if I need to search an other note application.
from jotter.
No but you're right. I've stopped working on it for a while because I couldn't find a good solution for this.
But thanks to you, I got the motivation, and did something today (I'll post it tonight or tomorrow because the other stuff I wanted to put in that version should be ready).
Here are the options that will be available when creating a notebook:
- set it as "Makrdown" (as requested by some people. For now it is just a simple editor): text will be written in Markdown format, and an HTML preview is available and work in a way that looks like the "view source" button for the wysiwyg editor.
- set it as "unsafe wysiwyg": any HTML pasted in Jotter will be kept (quite risky because of XSS and stuff, but it makes sure that any formatted HTML is kept)
- set it as "safe wysiwyg": all the HTML will be cleaned (based on a custom algorithm described below). Some formatting stuff might disappear when reloading the page, but at least you won't see HTML tags appearing in plain text.
The main logic of the HTML cleaner uses PHP DOM and works as follow:
- blacklisted tags are removed (such as <script>)
- whitelisted tags are kept (such as
,
)
- specific tags (just and ) are kept with their href/src only if it contains something safe (a basic http(s)/ftp/mailto url or a data: for images, or one without protocol). This way, exit the "javascript:..."
- any other tag is removed, but its content is kept
I doubt it is the best solution, but it is the best combination of lite and safe I could find for now (didn't want to use something heavy like HTMLPurifier)...
from jotter.
Related Issues (9)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jotter.