
Saving issues about jotter HOT 4 CLOSED

yosko commented on July 19, 2024
Saving issues

from jotter.

Comments (4)

yosko commented on July 19, 2024

These problems all relate to the fact that I rely on two different Markdown libraries, and one of them is quite "basic" (the "HTML to Markdown" one):

  • it doesn't handle nested lists
  • it doesn't handle unsupported HTML tags on input well. For security reasons, the remaining tags are entitied, even if they should be stripped

So I'll probably stop using Markdown libraries when input and output are both HTML. I already worked on a small library that cleans HTML so I'll probably use it in Jotter to fix that. We will still be as limited in allowed HTML tags (p, ul/ol/li, h1-h6, a, strong, em and some others), but there shouldn't remain any of those bugs.

And I'll propose an option for those who want to use Markdown as an input.

PS: it's been quite a long time since the previous version. I was kind of stuck on JavaScript issues that needed to be resolved before working on parsing and Markdown problems. But I'll be back on it as soon as today.
PPS: thanks for reporting these issues :)

from jotter.

tmos commented on July 19, 2024

Great, I wish you the best for your JS issues!

from jotter.

tmos commented on July 19, 2024

Do you have a planned date for fixing this bug? This is a pretty hard one, and it makes the use of jotter nearly impossible with nested lists.

Note that I don't want to be insistent, I just want to know if you plan to fix it or if I need to search for another note application.

from jotter.

yosko commented on July 19, 2024

No but you're right. I've stopped working on it for a while because I couldn't find a good solution for this.
But thanks to you, I got the motivation, and did something today (I'll post it tonight or tomorrow because the other stuff I wanted to put in that version should be ready).

Here are the options that will be available when creating a notebook:

  • set it as "Markdown" (as requested by some people. For now it is just a simple editor): text will be written in Markdown format, and an HTML preview is available and works in a way that looks like the "view source" button for the wysiwyg editor.
  • set it as "unsafe wysiwyg": any HTML pasted in Jotter will be kept (quite risky because of XSS and stuff, but it makes sure that any formatted HTML is kept)
  • set it as "safe wysiwyg": all the HTML will be cleaned (based on a custom algorithm described below). Some formatting stuff might disappear when reloading the page, but at least you won't see HTML tags appearing in plain text.

The main logic of the HTML cleaner uses PHP DOM and works as follows:

  • blacklisted tags are removed (such as <script>)
  • whitelisted tags are kept (such as , )
  • specific tags (just and ) are kept with their href/src only if it contains something safe (a basic http(s)/ftp/mailto url or a data: for images, or one without protocol). This way, exit the "javascript:..."
  • any other tag is removed, but its content is kept

I doubt it is the best solution, but it is the best combination of lite and safe I could find for now (didn't want to use something heavy like HTMLPurifier)...

from jotter.
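The cleaning steps listed in the comment above, sketched with PHP's DOM extension as an added example. This is not Jotter's code: the function names, the tag lists beyond the tags named in the thread, and the removal of every attribute other than href/src are assumptions.

```php
<?php // Added illustration: tag lists and function names are assumptions, not Jotter's code.
const DROP_TAGS = ['script', 'style', 'iframe', 'object', 'embed']; // removed with content
const KEEP_TAGS = ['p', 'ul', 'ol', 'li', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'strong', 'em'];
const URL_ATTR  = ['a' => 'href', 'img' => 'src'];                  // tag => only attribute kept

function isSafeUrl(string $url, string $tag): bool
{
    // Browsers ignore tabs and newlines inside a URL, so drop control chars and spaces first.
    $url = preg_replace('/[\x00-\x20]+/', '', $url);
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) { return true; } // no scheme
    $ok = in_array(strtolower($m[1]), ['http', 'https', 'ftp', 'mailto'], true);
    return $ok || ($tag === 'img' && stripos($url, 'data:image/') === 0); // data: on images only
}

function cleanNode(DOMNode $node): void
{
    // Snapshot the children: the live childNodes list changes while we edit it.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }   // text is escaped on output
        $tag = strtolower($child->nodeName);
        if (!$child instanceof DOMElement || in_array($tag, DROP_TAGS, true)) {
            $node->removeChild($child);                // comments, PIs, blacklisted tags
            continue;
        }
        cleanNode($child);                             // clean descendants first
        $urlAttr = URL_ATTR[$tag] ?? null;
        if ($urlAttr === null && !in_array($tag, KEEP_TAGS, true)) {
            while ($child->firstChild) {               // unknown tag: keep its content only
                $node->insertBefore($child->firstChild, $child);
            }
            $node->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            if ($attr->nodeName !== $urlAttr || !isSafeUrl($attr->nodeValue, $tag)) {
                $child->removeAttribute($attr->nodeName);  // drops onclick, style, unsafe URLs
            }
        }
    }
}

function cleanHtml(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true);                  // tolerate sloppy pasted markup
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html); // prefix makes libxml read UTF-8
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }                 // e.g. input was only a <script>
    cleanNode($body);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($body->childNodes)));
}
```

`cleanHtml()` returns the cleaned fragment as a string. `DOMDocument::loadHTML()` relies on libxml2's HTML 4 parser, which can read malformed markup differently from a browser's HTML5 parser, so the output is worth re-checking in the browsers that will render it.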
