The info button implementation (#1) only allows for plain text -- this is because raw HTML (as requested originally) poses a security risk. It would be possible for someone to write a scene with malicious code saved in the description, and then send it to someone where the injected code could hijack that person's credentials and take over their Mapzen account.
It is safer to render the content via Markdown so that the person who provides the description can still add links, bold or italicized text, paragraphs, and more. As a result, the description render should make use of a Markdown rendering library to run description text through. (CommonMark spec is preferred.)
Along with this, there should be instructions in Tangram Play for Markdown syntax.
cc @burritojustice
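As an added illustration (not part of the original issue and not Tangram Play code), the sketch below shows the property a Markdown-based description renderer needs in order to close the hole described above: author-supplied HTML is escaped before any formatting is applied, and link targets are checked against a scheme allowlist. CommonMark itself permits raw HTML and does not restrict link schemes, so a real CommonMark library would need raw-HTML passthrough disabled and link URLs filtered in the same way. All function names and the sample description are assumptions made for this example.

```javascript
// Added example: escape-first rendering of a small Markdown subset.
// renderDescription and its helpers are hypothetical names, not Tangram Play code.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Neutralise all HTML metacharacters so no author-supplied tag survives.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Allowlist of link schemes; anything else (javascript:, data:, ...) is refused.
function isSafeUrl(url) {
  return /^(https?:\/\/|mailto:)/i.test(url);
}

// Runs on already-escaped text, so the only tags in the output are ours.
function renderInline(escaped) {
  return escaped
    // [label](url): '*' is excluded from the URL so emphasis rules below
    // can never rewrite the inside of an href attribute.
    .replace(/\[([^\]]+)\]\(([^)\s*]+)\)/g, (match, label, url) =>
      isSafeUrl(url)
        ? `<a href="${url}" rel="noopener noreferrer">${label}</a>`
        : label)
    .replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>')
    .replace(/\*([^*]+)\*/g, '<em>$1</em>');
}

// Blank lines separate paragraphs; each paragraph is escaped, then formatted.
function renderDescription(source) {
  return escapeHtml(source)
    .split(/\n{2,}/)
    .map((p) => p.trim())
    .filter((p) => p.length > 0)
    .map((p) => `<p>${renderInline(p)}</p>`)
    .join('\n');
}

// Constructed sample description: legitimate formatting plus two hostile inputs.
const SAMPLE = [
  'A **bold** map with a [link](https://example.com/?a=1&b=2).',
  '<script>alert(1)</script> and [click me](javascript:alert)',
].join('\n\n');

console.log(renderDescription(SAMPLE));
```

The script tag comes out as inert text and the rejected link is reduced to its label, while bold text and the `https` link render normally.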