A Onebox for a Discourse category does not render Markdown properly

An example:

1 Like

That’s correct, otherwise there are a million markup exploits we are open to. I think that’s a default for the onebox…

I agree with not parsing the HTML, but passing it through Sanitize.clean might make it look better, e.g.

The extension integrates your Magento 2 store with the Stripe payment service.
8 Likes

Sure that’s a good idea @zogstrip – I think you touched this last, for the prior round of Hacker One fixes?

3 Likes

I’ve added HTML stripping to the description in the latest onebox. Should be deployed shortly:

https://github.com/discourse/onebox/commit/252c35dc97a5932cd689ce4a9d5fea265a2313fd

5 Likes