What's going on with encoding?

What's going on with encoding? If I type (including the angle brackets), I get an empty item. I tried XSS but fortunately that doesn't work, at least not trivially. Why isn't everything HTML-encoded by default?

Comments

  1. Kirill Maximov (KIR)2 May 2016 at 12:33

    Hello Thomas, Checkvist supports HTML by default, and tries to avoid XSS as much as possible. To be able to include tags and code unparsed, you can enable Markdown (if it is not enabled yet), and use Markdown syntax for code: https://checkvist.com/auth/help#markdown

    Hope, this helps.

    ReplyDelete
  2. Thomas ten Cate2 May 2016 at 22:37

    Ahhh, it's the Markdown parser, of course. Thanks for enlightening me!

    ReplyDelete

Post a Comment

Popular posts from this blog

Some things I miss from Checkvist when working in the browser on an iPad (without keyboard):

Some things I miss from Checkvist when working in the browser on an iPad (without keyboard): 1. The task menu (actions, aa) has no lc and "more" (which includes ex, for example). 2. I cannot invalidate a task (shift-space), or delete it. 3. For marking done/open, the swipe has to be carried out on the text of the task. For short entries (short word or even just a letter), this can be hard to do. These are exceptions, but why not allow swiping the whole task row?
Read more

Google Plus is shutting down, we are moving to Discuss.checkvist.com

Dear friends, As you probably know, Google+ is going to shut down in a couple of months. It was a decent platform for us for many years, but now we have to ask you to move to our new discussion forum - https://discuss.checkvist.com If you need to comment on your old posts in this Google+ forum, please, consider creating a corresponding topic in the new place and add a link to the old discussion. See you there!
Read more