Drop Markdown support in bio field
What does this MR do?
This MR drops the support for Markdown in the bio field on the user profile page and in the user pop-over.
Read the discussion below to understand why; in short - supporting Markdown makes bio vulnerable and poses security concerns.
Note: Users API was exposing both bio and bio_html.
Screenshots or Screencasts (strongly suggested)
How to setup and validate locally (strongly suggested)
- Visit the user profile page: http://127.0.0.1:3000/[username]
- In case you have no text in the bio field yet, go to the Edit profile page, add whatever you please, and save the changes
- Visit the user profile page again
Conformity
- I have included changelog trailers, or none are needed. (Does this MR need a changelog?)
- I have added/updated documentation, or it's not needed. (Is documentation required?)
- I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?)
- I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?)
- I have self-reviewed this MR per code review guidelines.
- This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines)
- I have followed the style guides.
- This change is backwards compatible across updates, or this does not apply.
Availability and Testing
- I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.)
- I have tested this MR in all supported browsers, or it's not needed.
- I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Edited by Magdalena Frankiewicz