Markdown support for topic description

Question

Markdown support for topic description

Opened this issue 7 years ago · 3 comments

There's no way to style topic descriptions at the moment, not even newlines.

Markdown would be a very well known way to do formatting. It would also be a solution for #1 and #2.

Answer 1 · 2017-10-29T11:13:57.000Z

It was also a suggestion to support html, this might be harder to implement since we'd need to exclude certain html tags to prevent injection/ screwing with the template.

Answer 2 · 2017-10-29T11:35:14.000Z

I don't know if following lists are complete, but I guess HTML will be less work:

HTML:

The backend will have to clean up whatever the user
Rendering is easy, just display what the backend sends...

Markdown:

We'll have to check if there are ways to do some sort of injection with markdown
I guess we'll have to check if it's valid
Find a library that renders it on the front-end.

But personally, I still favor markdown because it is nicer to read and edit.

Answer 3 · 2017-10-29T11:50:37.000Z

I'm also more fan of Markdown since I know it. But not all developers know Mardown most know html though.

HTML

You can display HTML (coming from an external endpoint) straight in the page with Angular without explicitly ignoring it's safety checks. It's pretty easy to to put some kind of injection in html code.
e.g. just include an external script and since you're forcing Angular to just accept whatever that's in there it will just render it.

Markdown

I don't think it's (easily) possible. I don't think we should have a markdown validation. If it's not valid we can just leave it, triggering the user to update it. Of course some kind of validation or preview can always be added in a later stage.

We can also write our own simple markdown parser. This way we can control what'll be rendered and what not. This helps us out because we'll not have to worry about injections etc as long as we keep it simple enough. We can iteratively increase to more Markdown support and check for injection possibilities. It'll be easier then including a library and then having to worry about every feature of that library. A lot of features won't be used anyway. Since most people will just use it to make some bulletlists and add some headers or basic formatting.

Extra option: rich editor

We could also just include some kind of rich editor. Since we just try to have some formatting to make the description more readable.