markdown-to-hiccup icon indicating copy to clipboard operation
markdown-to-hiccup copied to clipboard
verified publisher icon mpcarolin

{:encode? true} only encodes AFTER parsing to hiccup it seems

Open Ashe opened this issue 6 years ago • 4 comments

If you look at the screenshot below, encoding HTML does not make things safe. It actually does the opposite, and only converts the plaintext HTML which looks okay. markdown-to-hiccup allows for HTML written in the MD document to be passed through and converted to hiccup, and while I can see this being a good thing in a lot of cases, I believe your intention with {:encode true} was to try and stop this, right? Is this a bug with markdown-to-hiccup or is this my own problem, and if so, how would you go about fixing something like this? Thanks.

screenshot_19 08 20_12 04 49

Ashe avatar Aug 20 '19 11:08 Ashe

+1

dchacke avatar Jan 11 '20 07:01 dchacke

Temporary workaround:

(->
    s
    (clojure.string/replace #"[<>]" {\< "&lt;"
                                     \> "&gt;"})
    m/md->hiccup))

That way, the encoding happens beforehand.

dchacke avatar Jan 11 '20 18:01 dchacke

Well actually, you may want to remove the entry for >, or else you won't be able to render markdown quotes.

dchacke avatar Jan 11 '20 22:01 dchacke

I'm unfortunately not working on that project right now, so I can't comment if this works or not. Thank you for for replying to my issue though!

Ashe avatar Jan 16 '20 01:01 Ashe