No internet connection

Formatting code in upsert API changes ">" to HTML escaped version thereof ">"

By Christian Scheuer @chrscheuer

2020-06-27 10:38:49.611Z

See the script here:

https://forum.soundflow.org/-2384/the-below-function-still-gets-stuck-with-the-memory-location-windo-popup-menu-held-open-no-error-mes#post-1

2 replies

KajMagnus @KajMagnus
core-dev
support-team
2020-06-28 13:38:19.044Z
It seems to me that Talkyard got < in the uploaded CommonMark source already. When I look at the page source, I see:

//Try to see if waiting for ... //so that it would be safe to ... retry(() => sf.ui.proTools. ... //Now try clearing it... retry(() => { var menuItem;

But Talkyard shoulnd't process the source — it just saves it as is, and then converts & sanitizes to HTML.
Now, since < is in the source already, I'm wondering if SoundFlow's server actually sends < to Talkyard.

SoundFlow doesn't do any HTML escaping of its own, before posting to Ty?
Could possibly a React editor component SoundFlow uses, do its own HTML escaping?

A bit further down also " gets escaped — I suppose all of < & " get escaped:

//Close the dialog sf.ui.proTools.menuClick({ menuPath: ["Window", ...],

There's something unusual with how the code block ends — in the CommonMark source, there's this:

}```</code></pre>

So, both ``` and </code></pre>. I would-think-that / wonder-if that was included in the API request from the start already.
Reply
1. C Christian Scheuer @chrscheuer
  2020-07-11 11:43:43.776Z
  Thanks Magnus, that sounds about right. Sorry for the inconvenience, I'll double check on our end.
  Reply

ReplyAdd progress note