Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Content in Body. '<' symbol in code ¿fix? #29

Open
DiegoJArg opened this issue Nov 27, 2022 · 2 comments
Open

Content in Body. '<' symbol in code ¿fix? #29

DiegoJArg opened this issue Nov 27, 2022 · 2 comments

Comments

@DiegoJArg
Copy link

Hi. I like the non-intrusive inclusion of the parser, but also that it content in Body allows to place <script> tags and be executed. For example, embeddeds from pastebin: <script type="text/javascript" src="https://pastebin.com/embed_js/SUVEeRbi"></script>

The problem with this as the docs says, may be fixed by non-markdown but html-tags.

```
s = 'Hola mundo'
print(s)
```
```
if (a < b):
   print('unusual <string')
```
<script src="https://cdn.jsdelivr.net/npm/[email protected]"></script>

Can be fixed very easily by replacing ``` with the html deprecated tag <xmp>. Althoug it doesn't gets converted to <PRE><CODE> preserving the same style.

<xmp>
if (a < b):
   print('unusual <string')
</xmp>
<script src="https://cdn.jsdelivr.net/npm/[email protected]"></script>

According to stackoverflow answers, there is no direct replacement, but xmp continues to work on browsers. The most similar one is <pre><code> which is the one used by markedjs to replace ```

But if we attempt to use it, the markedjs parser will add spaces between " code " and some erratic code is added as well.
If this behavior can be fixed, we could use precode or just code to replace ``` for this mode.

```
s = 'Hola mundo'
print(s)
```
<pre><code>
if (a < b):
   print('unusual <string')
</code></pre>
<script src="https://cdn.jsdelivr.net/npm/[email protected]"></script>

image

@susam
Copy link
Owner

susam commented Nov 28, 2022

Thank you @DiegoJArg once again for creating a detailed issue. I have a few questions to better understand your suggestion.

  1. All HTML tags are allowed by TeXMe. Since TeXMe is a tool for content authors (as opposed to being a tool for users of content management systems), it allows all HTML tags including script tags. Do you like this behaviour?
  2. About the code example with <string in body, the browser interprets this as a broken HTML tag even before TeXMe can see this code. How do you propose we fix this? Would it not be possible for you to write such content in textarea instead of writing it in body?

@DiegoJArg
Copy link
Author

  1. Yes. I like that markdown can embed HTML.
  • <script> tags don't get executed if contained in <textarea>. I made a test with non-iframe pastebin's snippet.
  • Try this example: <script src="https://pastebin.com/embed_js/SUVEeRbi"></script>
  • I was originally searching for a method to render my markdowns as-is in browser-side as static pages. TeXMe is the clossest one I found so far. Sadly the browser wouldn't handle .md.
  1. I suggested as propossal to bypass the browser from parsing < (less than) by using the CODE tag on the markdown itself, which is a html-valid approach and this is an html file. But the markdown's renderer adds additional characters to the convertion as a result of a non-markdown structure. So if content-in-body method is used, the markdown's renderer could include CODE as synonim of ```. There may be other synonims aswell like XMP or PRE-CODE.
  • Yes, I could use textarea. But doesn't executes the script tag.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants