
Markdown strips HTML #119


Closed
andydotxyz opened this issue May 18, 2012 · 18 comments

@andydotxyz

I have a small piece of HTML in my README.md which I use for extra styling but it is stripped out of my README for the project.
My other markdown based sites show it fine.

Example is at github.com/headsupdev/agile - see the 1 line of HTML completely ignored.

@bardibardi

lts for less than sign
gts for greater than sign
description of unix style filter in README.md
filter lts file_in gts file_out
displays filter file_out
lts file_in gts gets tossed as html markup?

@bardibardi

The previous comment refers to something that may appear to be html but should be valid markdown and should not be stripped out.

@nvkelso

nvkelso commented Aug 1, 2013

+1. I have an HTML table inside my markdown and Github seems to be stripping out all the style attributes on the cells or cell content. I would expect Github to preserve styling attributes within HTML blocks. The general markdown.css should still style the table in a general way (even, odd row colors, etc).

@NWilson

NWilson commented Oct 4, 2013

+1. I find it very annoying that inline bits of HTML are stripped by gh-pages.

@bkeepers
Contributor

We do allow HTML in markdown documents, but we don't allow unsafe HTML tags and attributes (iframe, style). It's impossible to distinguish between legitimate use and abuse. Let us know if there's a specific tag or attribute that we should allow (as long as it can't be abused).

@mindplay-dk

I can understand disallowing e.g. <iframe> and <script> for security reasons, but how does the style attribute lead to abuse exactly?

This is pretty annoying.

@gjtorikian
Contributor

Because one can turn the font size 48 in a bright yellow, rendering any text illegible and burning holes in a hapless user's corneas.

@pchaigno
Contributor

@mindplay-dk And because of Scriptless attacks 😜

@mindplay-dk

> Because one can turn the font size 48 in a bright yellow, rendering any text illegible and burning holes in a hapless user's corneas.

Yeah, that's hardly a security concern - and, I can do all of that with a large, ugly image, which no one's trying to stop me from.

> And because of Scriptless attacks

I'm sure you could address behavior, expression and url('javascript:...') attacks in IE without having to cripple standard HTML?

For instance, if you don't want people changing fonts or font-sizes, just use a simple whitelist allowing e.g. float, width, height, text-align and other basic layout properties...

@fsantanna

+1 for the whitelist

@chriskrycho

abbr would be really nice, too.

@75th

75th commented Feb 13, 2018

This is probably futile, due to the standardization of GitHub Flavored CommonMark, but I would love to be able to use <small></small>. You could set it to an absolute pixel size in CSS (rather than a sub-100 percentage) to prevent abuse by nesting multiple smalls.

@3572

3572 commented Feb 13, 2018 via email

@ghost

ghost commented Sep 27, 2018

Maybe we could have some of the not-too-dangerous <style></style> parameters like:

  • padding-left;
  • padding-right;
  • margin-left;
  • margin-right;
  • text-align;

and so on, just to layout text and images the way we want. That'd be a start :D
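
An allowlist filter of the kind proposed in this thread (the layout properties suggested by @mindplay-dk and in the list above), as an added example that is not part of any comment here and is not GitHub's sanitizer. Each value must match a strict grammar, so `expression(...)`, `behavior` and `url(...)` are rejected without having to be recognized; the `sanitizeStyle` name and the value grammars are assumptions.

```javascript
// Added example: allowlist filter for the value of an HTML style="" attribute.
// Property names come from the thread's suggestions; the value grammars
// (including the 4-digit length cap) are assumptions made for this example.
const LENGTH = /^(?:0|auto|\d{1,4}(?:\.\d{1,2})?(?:px|em|rem|%))$/;
const ALLOWED = {
  'float': /^(?:left|right|none)$/,
  'text-align': /^(?:left|right|center|justify)$/,
  'width': LENGTH,
  'height': LENGTH,
  'padding-left': LENGTH,
  'padding-right': LENGTH,
  'margin-left': LENGTH,
  'margin-right': LENGTH,
};

function sanitizeStyle(style) {
  const kept = [];
  // Splitting on ';' is not a real CSS parse, but it fails safe: every
  // fragment must name an allowed property and match its value grammar,
  // and the output is rebuilt from the validated pieces only.
  for (const decl of String(style).split(';')) {
    const colon = decl.indexOf(':');
    if (colon === -1) continue;
    const prop = decl.slice(0, colon).trim().toLowerCase();
    const value = decl.slice(colon + 1).trim().toLowerCase();
    // hasOwnProperty keeps names like "constructor" from matching the prototype.
    const known = Object.prototype.hasOwnProperty.call(ALLOWED, prop);
    if (known && ALLOWED[prop].test(value)) kept.push(`${prop}: ${value}`);
  }
  return kept.join('; ');
}

// Constructed inputs; the second and third use the vectors named in the thread.
const SAMPLES = [
  'float: right; width: 50%',
  'width: expression(1); text-align: center',
  "background: url('javascript:...'); height: 20px",
  'font-size: 48px; color: yellow',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', JSON.stringify(sanitizeStyle(s)));
}
```

Escaped property names and values carrying CSS comments fail the exact-match checks as well, so they are dropped rather than normalized.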

@SimonCropp

can this be re-opened?

@Berkmann18

As @mindplay-dk said, why not allow inline CSS / CSS but with only whitelisted declarations?

@paloha

paloha commented May 19, 2021

For me this is a very unexpected behavior. In my head, mixing HTML with Markdown is the way to achieve custom styling. I use Markdown to save time but when I need something special, well I just write it in HTML and style it myself. As it appears, this is not how GitLab sees it. If there at least was an explicit mention about it in the documentation like "HTML YES, STYLING NO!".

I used Markdown preview plugin in my Atom editor where styles happily work, just to find out none of my inline css works in GitLab.
When I tried to google where is the problem, it also took me quite some time to find this issue which basically says mixing HTML with inline CSS styles is not supported in GitLab Markdown.

⛔ Adding css at the beginning of the document does not work.

<style>
...
</style>

⛔ Adding css style inline does not work.

<div style="padding: 20px;"> ... </div>

I did not even style a public repo's readme.md, but a md file which is another part of my private project. It would be lovely if GitLab would change their minds about it.

Note: I hope I have thrown in enough keywords for google to index this higher in relation to this issue.

@smileBeda

It is perfectly valid to do this in markdown:
<span style="color: red;">Depracated</span>

Github decided this is not OK
So now you have to do this:
community/community#31570

That works, but is awfully ugly.
