Issue tracker's HTML sanitizer doesn't adapt for markdown code syntax

Fixed Issue #8066307

Details

Author
Amelia B.
Created
Jul 2, 2016
Privacy
This issue is public.
Reports
Reported by 1 person

Sign in to watch or report this issue.

Steps to reproduce

Markdown in issue reports is wonderful, but you seem to be suffering the common problem of having a disagreement between your markdown compiler and your code sanitizer that strips out disallowed tags.

Many markup tags are getting stripped out even when they are contained within markdown `` code delimiters. This is particularly a problem because the preview pane shows the code formatting just fine.

Testing:

<img> (should be img tag) <script> (script) <use> (use) <foo> (foo)

<img>
<script>
<use>
<foo>
<img>
<script>
<use>
<foo>

Attachments

0 attachments

    Comments and activity

    • Hmmm… Works fine in the issue report itself, let’s try it again in the comments!

      `` (should be img tag) `

    • Microsoft Edge Team

      Changed Assigned To to “Ibrahim O.”

      Changed Assigned To to “Christian F.”

      Changed Assigned To from “Christian F.” to “Anton M.”

    • It is a bit more complex than that. All the information is stored in Visual Studio Online. VSO’s editor doesn’t support markdown (it is a WYSIWYG), if someone modifies the repro steps (even with just a new line break) then the code inside will automatically get some html tags. We’ve done some improvements on how we handle this and some other cases already and soon we will release a new version with more improvements. Thanks for your patience!

    • Microsoft Edge Team

      Changed Status to “Fixed”

    • This should be fixed with the latest changes we’ve done to markdown and the sanitizer. Thanks for reporting it!

    You need to sign in to your Microsoft account to add a comment.

    Sign in