A Onebox for a Discourse category does not render Markdown properly

dmitry_fedyuk · February 17, 2017, 1:20pm

An example:

codinghorror · February 17, 2017, 8:35pm

That’s correct, otherwise there are a million markup exploits we are open to. I think that’s a default for the onebox…

Mittineague · February 17, 2017, 8:41pm

I agree with not parsing the HTML, but passing it though Sanitize.clean might make it look better. eg.

The extension integrates your Magento 2 store with the Stripe payment service.

codinghorror · February 17, 2017, 8:46pm

Sure that’s a good idea @zogstrip – I think you touched this last, for the prior round of Hacker One fixes?

eviltrout · May 17, 2017, 7:22pm

I’ve addded HTML stripping to the description in the latest onebox. Should be deployed shortly:

Topic		Replies	Views
HTML is not render on category onebox description Bug onebox	2	380	January 23, 2024
The Markdown parser fails to process the [[text]](url) expression Bug	2	1159	July 7, 2017
Quickly explain what Onebox is? Feature	10	11197	October 22, 2020
Onebox looks horrible on Discourse Comments (below WP Post) WordPress	18	2227	June 27, 2018
Discourse doesn't follow the CommonMark spec for HTML <pre> tags inside code spans Bug markdown-it-review	6	2297	June 26, 2017