Conversation

@yhabib
Contributor

@yhabib yhabib commented Aug 28, 2025

Motivation

The Markdown component converts markdown into HTML. For security reasons, the input is sanitized before transformation.

The initial implementation was introduced here and acknowledged this edge case.

It's not possible to use the HTML renderer since the SVG contains multiple tags.
One edge case remains unaddressed: if the SVG is inside the <code> tag, it will be rendered with < and > instead of "<" and ">."

We need to address this use case now, as there is a mismatch between how the proposal is rendered and how it should be rendered:

Changes

  • Do not escape svg's inside code blocks.

Screenshots

Screenshot 2025-08-27 at 15 42 30
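The double-escaping the description refers to is easy to reproduce in isolation. The following is an added example, not code from gix-components or from this PR: a toy pre-render sanitizer that HTML-escapes every `<svg>` in the raw markdown, the corrected version that leaves fenced code blocks alone because the renderer escapes code content itself, and a toy renderer to show the difference. Every function name (`sanitizeEverywhere`, `sanitizeOutsideCode`, `render`) and the input are hypothetical and constructed for the example.

```javascript
// Added example, not gix-components code: shows why HTML-escaping <svg> before
// the markdown renderer double-escapes inside code blocks, and a fix that skips
// fenced code. Every function and the input are hypothetical stand-ins.

// "\x60" is a backtick; spelled this way so the fences inside this example do
// not collide with the fence around it.
const FENCE = "\x60\x60\x60";

// Escape the characters a markdown renderer neutralises in code content.
function escapeHtml(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Pre-render sanitizer, naive version: escape every <svg>...</svg> in the raw
// markdown, including those inside fenced code blocks.
function sanitizeEverywhere(markdown) {
  return markdown.replace(/<svg[\s\S]*?<\/svg>/gi, (m) => escapeHtml(m));
}

// Pre-render sanitizer, fixed version: split on fenced blocks (the capturing
// group puts each fence at an odd index) and leave their contents alone, since
// the renderer escapes code content itself.
function sanitizeOutsideCode(markdown) {
  return markdown
    .split(/(\x60{3}[\s\S]*?\x60{3})/)
    .map((part, i) => (i % 2 === 1 ? part : sanitizeEverywhere(part)))
    .join("");
}

// Toy markdown renderer: a fenced block (optional language tag) becomes
// <pre><code> with its content HTML-escaped; everything else passes through.
function render(markdown) {
  return markdown.replace(
    /\x60{3}[^\n]*\n([\s\S]*?)\x60{3}/g,
    (_, code) => `<pre><code>${escapeHtml(code)}</code></pre>`
  );
}

// Constructed input: one SVG inside a fenced block (should display as source
// text) and one inline (must not reach the page as live markup either).
const SAMPLE = [
  "Proposal payload:",
  FENCE + "xml",
  '<svg xmlns="http://www.w3.org/2000/svg"><rect/></svg>',
  FENCE,
  "Inline: <svg><rect/></svg>",
].join("\n");

// True when the HTML contains a double-escaped entity such as "&amp;lt;", which
// a browser displays to the reader as a literal "&lt;" instead of "<".
function isDoubleEscaped(html) {
  return /&amp;(lt|gt|amp);/.test(html);
}

function naiveOutput() {
  return render(sanitizeEverywhere(SAMPLE));
}

function fixedOutput() {
  return render(sanitizeOutsideCode(SAMPLE));
}

console.log("naive:", naiveOutput());
console.log("fixed:", fixedOutput());
```

Running it prints the naive output with `&amp;lt;svg` inside the `<pre><code>` block (the browser shows `&lt;svg` to the reader) and the fixed output with `&lt;svg` there (shown as `<svg`), while the inline SVG is escaped once on both paths and never reaches the page as live markup. The regex-based fence detection is only for illustration; a real component should make this decision in the markdown parser, which already knows which nodes are code.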

@yhabib yhabib requested review from a team as code owners August 28, 2025 07:45
@yhabib yhabib marked this pull request as draft August 28, 2025 07:47
@yhabib yhabib marked this pull request as ready for review August 28, 2025 17:08
Contributor

@mstrasinskis mstrasinskis left a comment


Thank you!

@yhabib yhabib merged commit 0ed8d1c into main Aug 29, 2025
15 checks passed
@yhabib yhabib deleted the yhabib/sanitize-svgs-inside-code-blocks branch August 29, 2025 08:51
github-merge-queue bot pushed a commit to dfinity/nns-dapp that referenced this pull request Aug 29, 2025
# Motivation

dfinity/gix-components#707 fixed an issue with how
`svg` are rendered as part of code blocks in the Markdown component.

This issue has arisen with the II proposal that was rendered incorrectly
in the nns-dapp, causing problems when attempting to validate the
payload.
* https://dashboard.internetcomputer.org/proposal/138188
* https://nns.ic0.app/proposal/?u=qoctq-giaaa-aaaaa-aaaea-cai&proposal=138188

This PR fixes it as shown in the following screenshot:

<img width="809" height="633" alt="Screenshot 2025-08-29 at 11 25 39"
src="https://github.com/user-attachments/assets/37bf5cad-b56a-4a36-8e3e-65f4d4b80cc9"
/>

[NNS1-4082](https://dfinity.atlassian.net/browse/NNS1-4082)

# Changes

- Bump gix to latest.

# Tests

- Validate the payload with the new rendering output and get
`1c18791e243e9c00cfb124320df7b11a216660cf9f9616a39e8565f62f3a2236`

[NNS1-4082]:
https://dfinity.atlassian.net/browse/NNS1-4082?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ