Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hook's .PlainText needs to return template.HTML or be piped to safeHTML #13291

Closed
bep opened this issue Jan 22, 2025 · 1 comment
Closed

Hook's .PlainText needs to return template.HTML or be piped to safeHTML #13291

bep opened this issue Jan 22, 2025 · 1 comment
Labels
Bug
Milestone
v0.142.0

Comments

@bep
Copy link
Member

bep commented Jan 22, 2025
edited
Loading

After fixing #13286 we'll end up with internal image/link templates producing invalid markup for .PlainText with HTML entities, e.g:

![A's is > B's](sunsets.jpg)

Will become:

<img src="sunsets.jpg" alt="A&amp;rsquo;s is &amp;gt; B&amp;rsquo;s"></p>

That renders to

Image

Assuming the image does not exist.

So, to fix this, we can either:

  1. Pipe PlainText to safeHTML in our internal templates.
  2. Make PlainText() return template.HTML.

What do you think, @jmooring ? I'm fine with both options. Just to be clear: Goldmark produces the exact same markup for the example above (when markup.goldmark.renderHooks.image.disableDefault=true), but since Content returns template.HTML, that's not an issue.

You could argue that the above is a bug in Go, and I would agree. It should consider HTML entities in its escaping.
@bep bep added the Bug label Jan 22, 2025
@bep bep added this to the v0.142.0 milestone Jan 22, 2025
@bep
Copy link
Member Author

bep commented Jan 22, 2025

I'm closing this, as I see that I have turned the problem upside down ... Somehow.

@bep bep closed this as completed Jan 22, 2025
@bep bep mentioned this issue Jan 22, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
v0.142.0
Development

No branches or pull requests
1 participant
@bep
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy