Skip to content

Resolve "Display non-markdown content in the WYSIWYG mode of the SSE::HTML"

Derek Knox requested to merge 221078-v2-custom-renderer-html into master

What does this MR do?

It ensures that HTML within a markdown file doesn't get rendered as HTML in WYSIWYG mode, but instead plain text.

The base implementation wasn't robust as:

  • <link> HTML (first uneditable block in the screenshots below) would get swallowed and result in source content change (deletion of the link entirely) that was not intended
  • <div> and other HTML would still be interactive (though pointer-events: none; could alleviate this part) and rendered as HTML

Based on user feedback, in iteration we'll likely filter and selectively let certain HTML blocks render in the WYSIWYG mode. This is YAGNI for now though.

Screenshots

Before After
Screen_Shot_2020-07-08_at_7.41.46_AM Screen_Shot_2020-07-08_at_7.25.45_AM

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Closes #221078 (closed)

Edited by Derek Knox

Merge request reports

Loading