Markup

Plain text

Unless otherwise mentioned, all string fields in the API will be interpreted as plain text without any markup. This includes question titles, share messages, tag labels as well as the firstname, lastname, about and location of a user.

Example

A question with

{
    "title": "Can I <strong>use</strong> HTML?" 
}

is displayed in the Starmind frontend without interpreting the HTML tags as markup:

Can I <strong>use</strong> HTML?

HTML text with mentioning markup

The Starmind application expects the following string fields to contain HTML markup:

These descriptions are also parsed for mentions. A mention is a substring of the form [~John Doe|id:1234]. It is displayed in the Starmind frontend as a hyperlink to the profile of the user with id 1234, with John Doe as the link label. In addition, when such a mention is first submitted to the Starmind API, the user with id 1234 receives a notification of type mention_in_question, mention_in_solution or mention_in_comment respectively.

Example

A comment with description

{
    "description": "Can I <strong>use</strong> HTML, [~Sherlock|id:1234]?" 
}

is displayed in the Starmind frontend with HTML markup and with parsed mentions:

Can I use HTML, Sherlock?

Sanitizing

The Starmind frontend sanitizes all user-generated HTML content before it is rendered in the browser. This removes all JavaScript and other potentially malicious code, protecting the end user from injection attacks.

Beware! Every third-party client which renders content from the Starmind API must always sanitize the content to prevent any code which could be harmful in its specific environment from being executed!
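One way a third-party web client could treat the two kinds of string fields described above: escape plain-text fields completely, and rebuild HTML descriptions from a strict tag allowlist while turning mentions into links. This is an added example, not Starmind code; the allowlist and the /users/<id> profile path are assumptions.

```javascript
// Added example, not Starmind code. Assumptions: the tag allowlist and the
// /users/<id> profile path are hypothetical; sample inputs are constructed.
const ALLOWED_TAGS = new Set(["b", "strong", "i", "em", "u", "p", "br", "ul", "ol", "li"]);
const TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
const MENTION = /\[~([^\]|]+)\|id:(\d+)\]/g;

const toEntity = (c) => "&#" + c.charCodeAt(0) + ";";

// Plain-text fields (title, tag label, firstname, ...): escape every special character.
function renderPlainText(value) {
  return String(value).replace(/[&<>"']/g, toEntity);
}

// Text between tags in an HTML field: existing entities are kept ("&" is not
// re-escaped), but no markup character survives.
function escapeMarkup(text) {
  return text.replace(/[<>"']/g, toEntity);
}

// Turn [~Label|id:123] into a profile link. The id is digits only, so the href
// cannot carry a scheme; the label is escaped like any other text.
function renderTextNode(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(MENTION)) {
    out += escapeMarkup(text.slice(last, m.index));
    out += `<a href="/users/${m[2]}">${escapeMarkup(m[1])}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeMarkup(text.slice(last));
}

// HTML fields (descriptions): the output is rebuilt from allowlisted tags with
// all attributes dropped; other tags are removed and their text stays inert.
function renderDescription(html) {
  const src = String(html);
  let out = "";
  let last = 0;
  for (const m of src.matchAll(TAG)) {
    out += renderTextNode(src.slice(last, m.index));
    const name = m[2].toLowerCase();
    if (ALLOWED_TAGS.has(name)) out += `<${m[1]}${name}>`;
    last = m.index + m[0].length;
  }
  return out + renderTextNode(src.slice(last));
}
```

Because the output is assembled only from allowlisted tag names and escaped text, nothing from the input reaches the page as an attribute, a script element or an unknown tag.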