Markdown preview: move inline Markdown source to DOM element to properly escape (!290) · Merge requests · GNOME / gnome-builder

GN requested to merge gno-nuc/gnome-builder:fix-markdown-preview into master Jul 01, 2020

Markdown preview: HTML-escape inline Markdown source and move to (hidden) DOM element to properly encapsulate.

This should properly fix #1244 (closed).

219fb9d1 addresses Markdown source encapsulation within JS, but fails to account for the JS being embedded in HTML (so for example </script> in the Markdown source breaks rendering since it is not escaped WRT the HTML document).

Additionally formatting was changed to the more idiomatic str.format().

The following very much non-exhaustive Markdown document was used to trivially test against the problems raised in that issue, as well as the </script> case:

```
"
```

```
\"
```

```
<>
```

```
foo \
  bar
```

```
</script>
```

</script>

foo

Markdown preview: move inline Markdown source to DOM element to properly escape

Merge request reports