Skip to content

Convert HTML metadatas as markdown

  1. Remove MetaType.HTML , and introduce MetaType.Markdown instead
  2. Store the raw markdown in database
  3. Use https://python-markdown.github.io/ to render the input when giving the output to the API
  4. Write some unit tests with valid markdown, and some html that should not be rendered
cli.request('CreateMetaData', id=ELEMENT_ID, body={
    "type": "html",
    "name": SOME_NAME,
    "value": '<style type="text/css">* { display: none !important; }</style>',
})

Dès qu'on affichera l'élément, tout disparaît. On peut injecter n'importe quel HTML, CSS, JS, sans droits d'administrateur sur n'importe quel corpus accessible en écriture.

Imported from Trello

Edited by Bastien Abadie