Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incomplete markdown rendering in clarification requests #2311

Closed
GBathie opened this issue Jan 29, 2024 · 2 comments · Fixed by #2322
Closed

Incomplete markdown rendering in clarification requests #2311

GBathie opened this issue Jan 29, 2024 · 2 comments · Fixed by #2322

Comments

@GBathie
Copy link

GBathie commented Jan 29, 2024

Hi! SWERC 2023-24 was this weekend, here is a minor issue that we encountered with DOMjudge.

Description of the problem

Some markdown elements such as quotes or inline code blocks are not rendered correctly, for example in clarification requests.

Your environment

DOMjudge 8.3.0DEV/5502c03cc

Steps to reproduce

  • Log into DOMJudge with jury capabilities
  • Go to the "clarifications" tab
  • Click "send clarification"
  • Enter the following markdown:
*Italic*
**Bold**
`inline code`

 # Heading 1 
 ## Heading 2

 [Link](http://a.com) 

 ![Image](../../images/DOMjudgelogo.svg?v=8.3.0DEV/5502c03cc) 

- List e1
- List e2

1. list e1
2. list e2

---

```
code blocks
```

Expected behaviour

Mardown elements are rendered correctly

Actual behaviour

Blockquote, inline code and code blocks are note rendered properly

Any other information that you want to share?

I suspect that the culprit is this this line, where HTML escaping is done before rendering markdown, likely resulting in HTML special characters being replaced, erasing the markdown elements.
@nickygerritsen
Copy link
Member

We recently added that line since we had an XSS attack vector. We will investigate if we can enable some of these elements somehow.

nickygerritsen added a commit to nickygerritsen/domjudge that referenced this issue Feb 10, 2024
@nickygerritsen
Use a Symfony Form for jury clarifications.
f590d36 
Also sanitize only after converting to markdown. Fixes DOMjudge#2311
@nickygerritsen nickygerritsen mentioned this issue Feb 10, 2024
Merged
nickygerritsen added a commit to nickygerritsen/domjudge that referenced this issue Feb 10, 2024
@nickygerritsen
Use a Symfony Form for jury clarifications.
1cf1720 
Also sanitize only after converting to markdown. Fixes DOMjudge#2311
@nickygerritsen
Copy link
Member

Turns out we needed to first run markdown, then sanitize instead of the other way around. I have added that to the above linked PR.

nickygerritsen added a commit to nickygerritsen/domjudge that referenced this issue Feb 10, 2024
@nickygerritsen
Use a Symfony Form for jury clarifications.
48a68a2 
Also sanitize only after converting to markdown. Fixes DOMjudge#2311
github-merge-queue bot pushed a commit that referenced this issue Feb 17, 2024
@nickygerritsen
Use a Symfony Form for jury clarifications.
2a947c1 
Also sanitize only after converting to markdown. Fixes #2311
vmcj pushed a commit to vmcj/domjudge that referenced this issue Feb 24, 2024
@nickygerritsen @vmcj
Use a Symfony Form for jury clarifications.
fd72b74 
Also sanitize only after converting to markdown. Fixes DOMjudge#2311
nickygerritsen added a commit to vmcj/domjudge that referenced this issue Feb 27, 2024
@nickygerritsen
Use a Symfony Form for jury clarifications.
e6457c4 
Also sanitize only after converting to markdown. Fixes DOMjudge#2311
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use a Symfony Form for jury clarifications. nickygerritsen/domjudge
2 participants
@nickygerritsen @GBathie