Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow admins to post unsanitized HTML #81

Open
pitaj opened this issue Sep 22, 2016 · 4 comments
Open

Allow admins to post unsanitized HTML #81

pitaj opened this issue Sep 22, 2016 · 4 comments

Comments

@pitaj
Copy link
Collaborator

pitaj commented Sep 22, 2016

Title says it all. Admins should be able to post unsanitized HTML inside their Markdown since they have access to the option to enable/disable the sanitizer.
@savageautomate
Copy link

+1

@julianlam
Copy link
Member

What's the use case for this feature?

@savageautomate
Copy link

In my case, I would like to limit regular users to using the Markdown to protect against an malicious HTML just at it works today. But there are cases as the site owner/administrator where I would like to add richer custom formatted content than what Markdown can deliver and also potentially embed content from other my services via iframe or raw javascript.

So in summary I would like to maintain the rigid structure and protection for regular user content via Markdown but have the flexibility as the site owner/admin to author and embed other and richer content.

@ShlomoCode
Copy link

I too would like such a thing! This is suitable for example if the administrator wants to publish more designed posts - a kind of blog category, but still does not want to get XSS from regular users... :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pitaj @julianlam @savageautomate @ShlomoCode