nodebb-plugin-markdown icon indicating copy to clipboard operation
nodebb-plugin-markdown copied to clipboard
verified publisher icon NodeBB

Allow admins to post unsanitized HTML

Open pitaj opened this issue 9 years ago • 4 comments

Title says it all. Admins should be able to post unsanitized HTML inside their Markdown since they have access to the option to enable/disable the sanitizer.

pitaj avatar Sep 22 '16 04:09 pitaj

+1

savageautomate avatar Jun 11 '18 12:06 savageautomate

What's the use case for this feature?

julianlam avatar Jun 11 '18 20:06 julianlam

In my case, I would like to limit regular users to using the Markdown to protect against an malicious HTML just at it works today. But there are cases as the site owner/administrator where I would like to add richer custom formatted content than what Markdown can deliver and also potentially embed content from other my services via iframe or raw javascript.

So in summary I would like to maintain the rigid structure and protection for regular user content via Markdown but have the flexibility as the site owner/admin to author and embed other and richer content.

savageautomate avatar Jun 11 '18 20:06 savageautomate

I too would like such a thing! This is suitable for example if the administrator wants to publish more designed posts - a kind of blog category, but still does not want to get XSS from regular users... :)

ShlomoCode avatar May 11 '22 11:05 ShlomoCode