tag:help.tenderapp.com,2008-11-12:/discussions/problems/59338-and-doesnt-translate-from-unicode-in-echoTender: Discussion 2014-01-29T20:39:29Ztag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:15:14Z2014-01-27T20:15:14Z< and > doesn't translate from unicode in Echo.<div><p>Hey Michael,</p>
<p>We just deployed a fix for a potential XSS attack, and this is
an unforeseen side effect. I'd rather not roll back the fix. I see
that you use < > mostly for links. Would it be ok to switch
to a Markdown syntax instead: <code>[text](link)</code> ?</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:17:10Z2014-01-27T20:17:10Z< and > doesn't translate from unicode in Echo.<div><p>I'm also looking at a hotfix to keep it working as is. Give me a
few minutes.</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:23:41Z2014-01-27T20:23:41Z< and > doesn't translate from unicode in Echo.<div><p>Hey Julien,</p>
<p>now problem with Markdown is that it looks terrible on the user
end. Gmail for example doesn't translate Markdown and we'd like
links to show up properly.</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:38:58Z2014-01-27T20:38:58Z< and > doesn't translate from unicode in Echo.<div><p>Hi Michael,</p>
<p>This should be fixed.</p>
<p>As for Markdown, Tender always sends what renders. So if you use
Markdown in your echo, and the supporter has Markdown activated for
the format (which is the default), the user would received the
rendered version of the Markdown (ie HTML), not Markdown.</p>
<p>But either way, it's now fixed.</p>
<p>Let me know if you encounter any other issue.</p>
<p>Thanks.</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:51:12Z2014-01-27T20:51:12Z< and > doesn't translate from unicode in Echo.<div><p>Sorry, I meant in the Email that arrives for the customer rather
than on Tender, which doesn't work well with Markdown as it's not
parsed to HTML</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T20:54:26Z2014-01-27T20:54:26Z< and > doesn't translate from unicode in Echo.<div><p>The Echo script titles still show the same behavior I'm
afraid.</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T21:14:17Z2014-01-27T21:15:09Z< and > doesn't translate from unicode in Echo.<div><p>I also just noticed that all double quotation marks are just
removed..</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T22:18:15Z2014-01-27T22:18:15Z< and > doesn't translate from unicode in Echo.<div><p>Hey Michael,</p>
<p>The last deploy was more of an emergency fix. I'm working on a
more comprehensive solution. I'll keep you posted when it's up.</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T22:37:16Z2014-01-27T22:37:16Z< and > doesn't translate from unicode in Echo.<div><p>Thanks Julien,</p>
<p>for now we've switched to single quotations in our Echo scripts,
it's a good enough fix for the time being and the browser couldn't
care less.</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-27T23:51:38Z2014-01-27T23:51:38Z< and > doesn't translate from unicode in Echo.<div><p>Hey Michael,</p>
<p>Yes, this will do in the meantime. I have a better fix ready,
just needs the usual QA, etc. We're also adding some scenarios to
our tests to cover echoes with HTML (I had always used
Markdown).</p>
<p>Also:</p>
<blockquote>
<p>Sorry, I meant in the Email that arrives for the customer rather
than on Tender, which doesn't work well with Markdown as it's not
parsed to HTML</p>
</blockquote>
<p>That's what I was explaining: if you have HTML emails, they get
the "rendered" version. So you can still write Markdown, and it
will render correctly both on the page, and in the email to the
customer (provided formatting is set to Markdown for that comment
of course).</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-28T21:09:17Z2014-01-28T21:09:17Z< and > doesn't translate from unicode in Echo.<div><p>Hi Julien,</p>
<p>Thanks for reiterating that. I had a second look at our setup
and noticed that it does indeed function as you say. For some
reason it didn't before.</p>
<p>It also uncovered some things on our end that we could and
should do better, which is nice that it got brought up. :)</p></div>Michaeltag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-28T21:23:20Z2014-01-28T21:23:20Z< and > doesn't translate from unicode in Echo.<div><p>Glad to hear. I'm still expanding tests to improve the security
fix.</p>
<p>Hopefully it will be deployed tonight or tomorrow.</p>
<p>Cheers.</p></div>Julientag:help.tenderapp.com,2008-11-12:Comment/313249342014-01-29T20:39:27Z2014-01-29T20:39:27Z< and > doesn't translate from unicode in Echo.<div><p>Hey Michael,</p>
<p>Just wanted to let you know that I deployed a new fix for the
<code><></code> and <code>"</code> in echoes. They should now
behave properly both inside the listing and inside the textarea
when pasted.</p>
<p>I will go ahead and close this, but if you experience any issue,
or need to reopen, feel free to do so.</p>
<p>Cheers!</p></div>Julien