When editing a comment in which markdown was used, the markdown symbols are converted to HTML.
For example, > is converted to &gt; which leads to problems when saving it. It's unnecessary work to fix every line manually.
Is there any reason? I think the code gets converted to HTML before it is saved to the database.
In general, shouldn't user input, after filtering bad code of course, be stored in the database as it was written by the user? It could be converted to HTML when reading the markdown out of the database, only to display it.
Thanks for your thoughts!
Link to the discussion: https://discuss.erpnext.com/t/markdown-is-lost-when-editing/23743/3
Hello @ci2014
When you want to use markdown, you need to type <!-- markdown --> as the first line in the comment textarea.
@tundebabzy Thank you tundebabzy. It's working without the markdown comment as well. But when editing, it gets lost. I think it should work only with the tag, and not at all if the tag is missing, rather than working without the comment tag at first and getting lost when editing.
Yes. It actually works initially without the flag because when you initially type it, ERPNext doesn't send it to the server for processing. The JavaScript on the page immediately converts it to HTML. When you click save or even click on edit again, the contents of the field are sent to the server and in the process, things like '>' are converted to '&gt;' before being returned to the comment box.
So for best results, add the flag at the top. When the server receives it, it would sanitize it in the appropriate way.
@tundebabzy I understand. I will add it on top from now. I still think it is a bug and for now, it should be documented by this ticket.
I know there are more important bugs and things than this one, so for now, it is a solution to put it on top and tell the users to do so. For the long term, there might be a more user friendly solution.
@tundebabzy I think if it is not supported on the server, the user shouldn't be given the chance to use the functionality. I also think it's a bug.
It's not a bug. The markdown is rendered by the client (Showdown.js), not the backend server. The backend also does not accept just anything because of SQL injection and other security issues. If text from the comment box gets to the backend without the flag, we escape everything just to be cautious.
@tundebabzy I understand all of that, as a technical person. But if you think as a user, you can do something that is undone when you save. As a user you don't know why, but it happens, so for the user it's a bug.
To prevent that, I think ERPNext should keep the user from doing what is not supported in both front end and back end (or at least inform the user when they do that kind of thing).
Yes it is actually confusing. Markdown is switched on by default for the comments so perhaps the flag should be set by default.
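The two storage models discussed in this thread, as an added example that is not part of the thread and is not ERPNext or Frappe code. It assumes the server applies standard HTML escaping on save and that the edit box shows the stored value as literal text; `render` is a hypothetical stand-in for a markdown renderer that only understands `> ` blockquotes.

```python
import html

# Constructed sample comment: a markdown blockquote followed by a script tag.
SAMPLE = "> quoted line\n<script>alert(1)</script>"


def save_escaped(text: str) -> str:
    """Escape-on-write: the value stored in the database is HTML-encoded."""
    return html.escape(text)


def edit_cycles_escaped(text: str, edits: int) -> str:
    """Save once, then reload the stored value into the edit box and re-save."""
    stored = save_escaped(text)
    for _ in range(edits):
        # The edit box now holds '&gt;' instead of '>', so escaping it again
        # encodes the ampersand and the text drifts further with every edit.
        stored = save_escaped(stored)
    return stored


def render(raw: str) -> str:
    """Escape-on-output: keep the raw markdown in storage, encode at display.

    Markdown structure is read from the raw text first; everything the user
    typed is HTML-escaped before it is placed inside the generated tags.
    """
    out = []
    for line in raw.splitlines():
        if line.startswith("> "):
            out.append("<blockquote>" + html.escape(line[2:]) + "</blockquote>")
        else:
            out.append("<p>" + html.escape(line) + "</p>")
    return "\n".join(out)


if __name__ == "__main__":
    print("stored after first save :", repr(save_escaped(SAMPLE)))
    print("stored after one edit   :", repr(edit_cycles_escaped(SAMPLE, 1)))
    print("raw storage, rendered   :", repr(render(SAMPLE)))
```

With raw storage the edit box always gets back exactly what was typed, and the script tag is still neutralised because escaping happens at the point of output.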