1 | ||
1 | ||
1 | ||
1 |
I've tested it a bit before but this should be a larger test.
Automatic link detection: https://gvid.tv
Inline image:
New line with two spaces after it.
And this is the following line.
New line with no spaces after it. And this is the following line.
Table | Time |
---|---|
January | $250 |
February | $80 |
March | $420 |
Strawpoll embed
Gvid embed
Emote
A page break just happened
This image might expand when clicked
https://img.gvid.tv/i/2wtzmaQu.jpg
Here is some
inline code.
This is a code block
console.log('hello');
<script>document.body.background="green"</script>
Testing exclusion of inline html: <script>document.body.background="red"</script>
<div>Hello world</div>
I think I just have click expand images in the comments:
https://img.gvid.tv/i/2wtzmaQu.jpg
I should add that to text posts.
Can we has table that uses boarders?
<table> <tr> <th>Header 1</th> <th>Header 2</th> <th>Header 3</th> </tr> <tr> <td>Row 1, Col 1</td> <td>Row 1, Col 2</td> <td>Row 1, Col 3</td> </tr> <tr> <td>Row 2, Col 1</td> <td>Row 2, Col 2</td> <td>Row 2, Col 3</td> </tr> </table>
<style> table, th, td { border: 1px solid black; border-collapse: collapse; padding: 5px; text-align: center; } </style>
<table> <tr> <th>Header 1</th> <th>Header 2</th> <th>Header 3</th> </tr> <tr> <td>Row 1, Col 1</td> <td>Row 1, Col 2</td> <td>Row 1, Col 3</td> </tr> <tr> <td>Row 2, Col 1</td> <td>Row 2, Col 2</td> <td>Row 2, Col 3</td> </tr> </table>
I like my boarders.
I'm going to test that in a theme really quick. I agree. The tables should have borders. The theme is a quick and dirty way to test it without doing anything to the main css. Kind of convenient when multiple elements are targeted over using the console.
FYI, did you know comments can be themes?
Test table in the comments.
Looks good. I'm adding to the CSS.
8===D ~~~ (.y.)
This needs boarders.
8===D ~~~ (.y.)
Cool, a user friendly guide or drop down button with said guide would be good when making comments. That way when people try to comment they could be like, oh shit, thats how i do that in markdown? Cool!
Yep. I need to add a show source button. That and I should make something on the footer called guide, that would just be a post that links to other useful posts based on topic.
One problem is it is hard to show the text for how to do something in markdown without doing it and thus obfuscating how it was done. Markdown is really bad at escaping.
FYI A long time ago I went nuts making this formatting guide.
https://saidit.net/wiki/commenting
That's interesting. I see you are using <td> in there. That's inline html inside markdown. It's not very secure. Making the site not support inline html is why I changed engines.
I was about to copy and paste it but I'll probably have to read through it in more detail and cut out things that intentionally don't work here. Then the next step would be to add in the more markdown way of doing tables.
I don't recall where I picked up all the specific info in there, but in addition to researching Markdown and how Reddit/SaidIt Markdown is slightly different, I do know a lot is original through exploration and testing. Also, I did most if not all of that in only one browser - before I had a phone. I was as truthful as possible, but I suspect there were things I may have mis-noted, and didn't understand why some quirks existed, and maybe some notes didn't apply to all OS's or browsers - and I think I corrected most if not all the mis-issues as they would come up.
In short, it's the best I could do but is not expert level or ultimately definitive.
How is <td> insecure?
Also to the extent that could be annoying to a user, they can make any sane formatting with markdown itself. For example instead they could do:
And get:
It's really more of an issue with trusting users to write html directly. There are many engines and how each of them will behave at blocking specific html tags can't be trusted especially when you don't know all bad html attacks users could perform.
So it's better to make sure all html is generated from the markdown engine itself rather than passed through from the user.
One example would be <script> tags. With that they could then make requests as a signed in user for anyone who views the page. There are all kinds of ways to get javascript to excuse beyond using a script tag.
After generating the html from the markdown you should process it through a XSS detector that will check the html for different attacks. But those can't be 100% reliable so you want to reduce the amount of custom html that can hit it to begin with.
Thanks. TIL.
That makes sense, i never thought of that. The wonderfun of pulling back the curtain and the browser saying, "No idiot, let me show it. LET ME SHOW IIIIITTTTTT!!!!!"
Idea, use an image?