How to use Phoenix html tag and support Safe html in markdown

shahryarjb · August 13, 2018, 11:37pm

Hello, I want to use Markdown-it in my phoenix, but I have a problem with Phoenix Tag, supposing that I don’t use phoenix tag and write normal html like this:

I have no problem until I want to use normal html , as you see this code works like this forums markdown editor .

but I have a problem when I use phoenix tag like this:

and now my code doesn’t work like original html , please see the pic:

it shows me a text but I need it to show me the markdown demo like the first code.
if I write the original html, it will work but now it is blow pic:

how can I fix this textarea‍‍‍ and show the demo of markdown? in the meantime I need much security in this!!

thanks

NobbZ · August 14, 2018, 8:04am

It would have been easier if you had posted code rather than screenshots.

But for now on a quick glance it seems as if you create a textarea in the second example where you have a div in the first.

I’m wondering why you want that one handled by dynamic phoenix stuff at all, it looks as if all you need there is just an empty div.

shahryarjb · August 14, 2018, 8:30am

Hello, it works in div or every original html, I have a question why it doesn’t work with Phoenix tag?

I want to learn how to control Phoenix’s existences

NobbZ · August 14, 2018, 11:04am

So if you use a textarea in manually crafted HTML, it works as you expect it, while a textarea created by phoenix formhelpers does not?

Have you diffed the created Vs. The crafted HTML to be able to see the difference? Have you handcrafted a full form already or only standalone textarea?

OvermindDL1 · August 14, 2018, 4:45pm

Why is your output a textarea? That should indeed show you the html but if you are not wanting the html then… Your original code did not use a textarea as the output.

shahryarjb · August 14, 2018, 5:39pm

I just want to test it and I was curious.

shahryarjb · August 14, 2018, 5:45pm

I think there is a difference in both of them I mean original html and Phoenix tag, Because it works in original html but it doesn’t work in the Phoenix tag.

I didn’t know what you said, I am sorry, but I don’t understand why they are different, it seems that phoenix tag filters html

is the original html’s dive safe for xss bug ?

NobbZ · August 14, 2018, 7:53pm

I told you, that in the original version you are using a div in the original and a textarea in the phoenix version, you told me that doesn’t matter, so I asked you, if I understand you correctly that it works with a handcrafted version that uses textarea, and now you tell me that you do not know?

Just stick to a div as a target for the rendered HTML, textareas are an input element, nothing you display rendered HTML with.

As I said already, div != textarea. Unless you have proven that a textarea works in handcrafted HTML, I will assume that this is the culprit.

And diff is a commandline tool in unixes that compares files and shows the actual differences, line by line.

shahryarjb · August 15, 2018, 6:26am

I made a bad mistake I’m very very sorry

NobbZ · August 15, 2018, 8:06am

It’s not that bad, misunderstandings happen, especially when both of us are not native speakers/writers.