Request to allow embed codes on Flashcards/Challenges

Answered/Implemented

Comments

3 comments

  • Avatar
    Vicott Wong
    I did a quick check using the exact codes and have the following findings:
    • The html contents are saved correctly in CMS
    • The data is returned properly in API
    • It is not rendered properly in ReactJS
    • For Android/iOS, of course it won't be supported
    0
    Comment actions Permalink
  • Avatar
    Lee Chuan Xin

    There is no way to do this safely. This is how the strings returned from the Description are parsed before rendering:

    • Checks description for links, wraps them in an anchor. We have this because we want automatic detection of links (and wrapping them with anchors). This is done with the library anchorme

    • Added to the page using dangerousSetInnerHtml so that the HTML itself will be rendered (which by itself is very unsafe).

    Unfortunately, while anchorme ignores links in anchors or hrefs or even srcs, it does not ignore the ones within special data tags like data-instgrm-permalink and even xmlns. You noticed when it is rendered, https://www.instagram.com/p/BuYDK9kF3mt/?utm_source=ig_embed&utm_campaign=loading within data-instgrm-permalink, it is already wrapped in an anchor.

    There is not scalable way for me to do these checks without using very complex regex just to check for the inputs or URLs. And even so, using Instagram links as the example, this may mean that for the rest of the description, Instagram links will not be rendered with anchors.

    0
    Comment actions Permalink
  • Avatar
    Lee Chuan Xin

    An option I can explore: fork anchorme within our Gametize repo folders, add exceptions to certain HTML attributes. And use the Gametize version of the anchorme library instead.

    This option means I have to explicitly define every unsafe attribute that may be unintentionally converted into an anchor by anchorme, so you have to let me know if there are any embedded tags that fail to work.

    0
    Comment actions Permalink

Please sign in to leave a comment.