
Code review comments: HTML and inline CSS styles are not escaped

Open scotthallock opened this issue 2 years ago • 0 comments

Inline styles

A user can create comments that contain HTML elements and inline CSS styles:

[Screenshots: Screenshot 2023-03-23 at 3 58 29 PM; Screenshot 2023-03-23 at 3 58 49 PM]

A comment can include a <script> tag. However, initial tests show that the script will not run:

[Screenshots: Screenshot 2023-03-23 at 4 18 17 PM; Screenshot 2023-03-23 at 4 18 37 PM]

Expected behavior:

  • Should only standard markdown be supported for code review comments?
  • Should a user be allowed to create HTML elements and use inline styles?

scotthallock, Mar 23 '23 21:03
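As an added example (not code from c0d3-app or from this issue), one way to render a comment so that markdown keeps working while user-typed HTML and inline style attributes are shown literally instead of being rendered; the markdown subset, the helper names and the sample comments are all constructed here.

```javascript
// Added example, not c0d3-app code: escape user-supplied comment text before it
// is inserted into the page, so HTML elements and inline style attributes typed
// by a user are displayed as text rather than rendered.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Replace every character that has meaning in HTML with its entity.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Apply a small markdown subset (inline code, bold, italic) AFTER escaping.
// Because escaping happens first, the only tags in the output are the ones
// this function emits; anything the user typed as HTML stays inert text.
function renderComment(markdown) {
  let html = escapeHtml(markdown);
  html = html.replace(/`([^`]+)`/g, '<code>$1</code>');
  html = html.replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>');
  html = html.replace(/\*([^*]+)\*/g, '<em>$1</em>');
  return html;
}

// Check helper: does a stored comment contain raw HTML tags or an inline
// style attribute? Useful for counting how many existing comments are affected.
function containsRawHtml(text) {
  return /<\/?[a-z][^>]*>/i.test(text) || /\bstyle\s*=/i.test(text);
}

// Constructed sample comments (not taken from the issue's screenshots).
const SAMPLES = [
  'Looks good, but use `const` here.',
  '<span style="color:red">Please fix</span> **asap**',
  '<script>console.log("from a comment")</script>',
];

function affectedSamples() {
  return SAMPLES.filter(containsRawHtml);
}

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', renderComment(s));
}
```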