Some HTML will be stripped by TOC API when TocBuilder::buildContent() is wrapping the altered html in a '#markup' render element.
Examples are youtube embed stripped out, or images not loading (since img-tags augmented by the popular blazy lazy image loading module uses a "data:" prefix in its "src" attributes). If you use youtube embed or blazy image lazy loading in e.g. a paragraph field that you enhance with TOC API, your browser is hence not showing those elements.
This happens because that render element passes everything through Xss:filterAdmin(), which will strip out some HTML code no matter what you specify as #allowed_tag in that render element:
public function buildContent(TocInterface $toc) {
return [
'#markup' => $this->renderContent($toc),
'#allowed_tag' => Xss::getAdminTagList(),
];
}
A fix is quite simple (see patch below): Instead of using a #markup render element, build a render array with another mechanism, that won't touch the built HTML, e.g. an inline template:
public function buildContent(TocInterface $toc) {
return [
'#type' => 'inline_template',
'#template' => '{{ content|raw }}',
'#context' => [
'content' => $this->renderContent($toc),
]
];
}
Please help to review, discuss and bring this improvement to the TOC API module.
Needs work
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I'm bumping priority as this patch is pretty essential IMO.
Have tested it and it resolves the issue as described - leaving as needs work as still needs tests as noted about (side note - the existing module tests are not working and no automation is currently set up either)