Markdown code sections not displaying some text correctly

#1
  • Operating System: Windows 10,
  • App version: Aether Community Edition v2.0.0-dev.14, build 1909192130.00bf3c3

Expected Behavior
HTML tags and characters such as <, >, & should be shown in code blocks normally

Actual behavior
&lt, &gt, &amp are shown instead, and HTML tags disappear

To Reproduce
Make a post/preview a post body with some text including those characters

Screenshots
Body of:

Testing
```
Wow 1 > 2 & 3

```

makes
image

On here makes:

Testing

<tag>Wow</tag> 1 > 2 & 3
<html>
    <body>
</html>

A real post that suffers from this: aether://board/e649a97caea8f2888c7497faa9c2b8513330172f35b68cfe949528fe6901945d/thread/e2a86a4723286d1a9736093b64206930bd77821b4bb8e07f1488b6be4d44f6a3

#2

Yeah, this is actually a result of HTML sanitisation. Since the UI is also built with web technologies, if we don’t sanitise the HTML it would allow for code injection attacks into the UI.

The best thing to do is to actually render the HTML code shown and not show the code points, and that does have some issues with the way the text is placed in the UI with Javascript. So the conversion of < > to HTML tags is correct, it’s just that we also need to render them back in regular HTML so they will appear right. The latter we have to figure out how to do in Vue.

1 Like