EDA and Map - values with < > don't display properly
bobular opened this issue · 4 comments
The two values are Aedes <genus> and Aedes <subgenus>
It looks like we're stripping HTML-like tags too aggressively?
I haven't looked, but we are probably displaying the values as html, in which case values in angle brackets would be interpreted as html tags. I don't remember the background as to why we treat them as html, but it's probably not a great idea. I'll have to dig around commit messages.
If I recall correctly, we wanted to support italics for organism names, etc.
We could have an allow-list of html tags we support, and encode any angle brackets that are not used in conjunction with those tags.
I'm envisioning a function with this interface:
declare function sanitizeHtml(html: string, allowedTags: string[]): stringAnd used like this:
sanitizeHtml(source, ['i', 'b'])Here's the safeHtml function we should probably improve
It's called from here
Any tag that isn't "safe" should be escaped so <genus> becomes <genus;>
I was thinking we would pass the output of the sanitizeHtml function to safeHtml:
safeHtml(sanitizeHtml(value, ['i', 'b']))Otherwise, we will need to a new parameter to safeHtml.