fix 235221: Sanitizing the html content by closing the unclosed tags

[Parasaran-Python]

fix #235221: Sanitizing the html content and closing the unclosed tags

The unclosed comment tag in markdown causes a breakage in the final html thats generated by the markdown rendering engine.

The script tags for markdown preview which are dynamically inserted to the DOM are engulfed by the unclosed comment tag and are then treated as a part of the comment by the JS engine.

[Parasaran-Python]

In case the explanation in the description wasnt very clear

Check the script tag, this is how its expected to be

Due to the unclosed tag in markdown

Its rendered as a comment inside the above div tag, thereby causing the breakage

other events like showing markdown text content on dblClick are also not bound due to this breakage.

@mjbvz could you please go through this PR and provide your inputs.

[mjbvz]

Thanks for taking a look. However I don't think this is the right approach

Using a regex to try fixing/sanitizing html is not robust. Instead I think we should try switching to use proper dom apis

1. pass the rendered markdown into the webview, for example in vscode-markdown-preview-data
2. In the webview scripts, use something like innerHTML to write the rendered markdown into the document on load

let me know if you have any questions about this

[Parasaran-Python]

Thanks for taking a look. However I don't think this is the right approach

Using a regex to try fixing/sanitizing html is not robust. Instead I think we should try switching to use proper dom apis

1. pass the rendered markdown into the webview, for example in `vscode-markdown-preview-data`

2. In the webview scripts, use something like `innerHTML` to write the rendered markdown into the document on load

let me know if you have any questions about this

It seems that the DOM APIs didn’t work on this page, perhaps because it’s not being executed in a browser environment. As a result, I had to resort to using regex.

May be some 3rd party node package can help, dompurify as well is not supported outside browser env.

I’ll consider an alternative approach for this. If you have any suggestions or recommendations, I’d be happy to hear them!

[Parasaran-Python]

@mjbvz I think I understood what you are trying to convey,

You suggest passing the markdown content inside an attribute of the shown meta tag

And consuming it inside webview like this

Please correct me if I'm wrong.

[mjbvz]

Yes that sounds correct 👍

[Parasaran-Python]

Yes that sounds correct 👍

@mjbvz I have made the changes to the best of my understanding, could you please re-review.

Fix seems to work fine with the markdown given on the issue.

Thanks.

[Parasaran-Python]

Seems like a " in markdown is breaking things, will check.

[Parasaran-Python]

Encode and decode seems to fix it,

Tried multiple special chars,

works fine.