A Onebox for a Discourse category does not render Markdown properly


(Discourse.PRO) #1

An example:


(Jeff Atwood) #2

That’s correct, otherwise there are a million markup exploits we are open to. I think that’s a default for the onebox…


(Mittineague) #3

I agree with not parsing the HTML, but passing it through Sanitize.clean might make it look better, e.g.

The extension integrates your Magento 2 store with the Stripe payment service.

(Jeff Atwood) #4

Sure that’s a good idea @zogstrip – I think you touched this last, for the prior round of Hacker One fixes?


(Robin Ward) #6

I’ve added HTML stripping to the description in the latest onebox. Should be deployed shortly:


(Robin Ward) #7