Per Create Bug Reports for Discourse on Meta
I can repro it and the preview indeed differs from the post.
The empty line below or above your tags plays a little role here but it’s not important. If you remove them, it will wrap the closest next and previous content, but not the whole content.
no empty lines
import QtQuick import QtQuick.Controls 2.15 as QQC2 import QtQuick.Layouts import QtPositioning
and prepension of
Frame doesn’t work, whereas
import QtQuick import QtQuick.Controls import QtQuick.Layouts import QtPositioning import QtQuick.Controls 2.15 as QQC2
and addition of
QQC2.Button (per [qml+pyqt6] Can't get native control appearance - #2 by carl - Help - Discuss) does?
A new line
I thought the issue was because
<strike> was an inline element. I can repro it with other tags such as
<i>, but not
<em>. So it’s not because it’s an inline-level element. Discourse allows wrapping blocks with inlines, from what I can see with
<strong> Additionally, how come ```qml import QtQuick import QtQuick.Controls 2.15 as QQC2 import QtQuick.Layouts import QtPositioning ``` and prepension of `QQC2` before `Action`, `Button`, `ApplicationWindow`, and `Frame` doesn't work, whereas ```qml import QtQuick import QtQuick.Controls import QtQuick.Layouts import QtPositioning import QtQuick.Controls 2.15 as QQC2 ``` and addition of `QQC2.Button` (per https://discuss.kde.org/t/qml-pyqt6-cant-get-native-control-appearance/1240/2?u=rokejulianlockhart) does? A new line </strong>
It seems not to be related to authorized tags, since Discourse accepts all these tags (
It seems not to be a markdown-it quirk either, since I can’t reproduce the issue in their demo.
<strike>is deprecated in favor of
<s>. A detail that won’t change anything in this issue, but always good to know… I just learned it right now after all ↩︎
Took a quick look out of curiosity. It looks like an issue with the
From what uses Discourse here:
Loofah.fragment uses Nokogiri’s HTML4 parser.
This could be fixed using
Loofah.html5_fragment as long as
Nokogiri >= 1.14.0 and
Loofah >= 2.21.0. Discourse already uses
Nokogiri::HTML5.fragment; that would make sense.
Loofah 2.21.0 is not yet released; currently in RC1.
Fantastic debugging! Thanks
going to bookmark this for 30 days, hopefully then the new loofah is out and we can simply upgrade it.
I just tried the HTML5 version of loofah and we are hitting a security issue it seems:
1) PrettyText provides safety for img bbcode Failure/Error: expect(cooked).to eq(html) expected: "<p><img src=\"http://aaa.com<script>alert(1);</script>\" alt=\"\" role=\"presentation\"></p>" got: "<p><img src=\"http://aaa.com<script>alert(1);</script>\" alt=\"\" role=\"presentation\"></p>" (compared using ==) # ./spec/lib/pretty_text_spec.rb:2150:in `block (2 levels) in <main>' # ./spec/rails_helper.rb:358:in `block (2 levels) in <top (required)>' # /home/sam/.gem/ruby/3.2.1/gems/webmock-3.18.1/lib/webmock/rspec.rb:37:in `block (2 levels) in <top (required)>'
This one feels very risky to me… will raise…