Knah-Tsaeb/MyShaarli
Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
MyShaarli/plugins/markdown/markdown.php

328 lines
9 KiB
PHP
Raw Normal View History

PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
<?php
/**
* Plugin Markdown.
*
* Shaare's descriptions are parsed with Markdown.
*/
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
/*
* If this tag is used on a shaare, the description won't be processed by Parsedown.
*/
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
define('NO_MD_TAG', 'nomarkdown');
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
/**
* Parse linklist descriptions.
*
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
* @param array $data linklist data.
* @param ConfigManager $conf instance.
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*
* @return mixed linklist data parsed in markdown (and converted to HTML).
*/
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
function hook_markdown_render_linklist($data, $conf)
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
{
foreach ($data['links'] as &$value) {
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
$value = stripNoMarkdownTag($value);
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
continue;
}
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
$value['description'] = process_markdown(
$value['description'],
$conf->get('security.markdown_escape', true),
$conf->get('security.allowed_protocols')
);
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
}
return $data;
}
Process feeds content with Markdown
2016-03-12 18:39:57 +01:00
/**
* Parse feed linklist descriptions.
*
* @param array $data linklist data.
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
* @param ConfigManager $conf instance.
Process feeds content with Markdown
2016-03-12 18:39:57 +01:00
*
* @return mixed linklist data parsed in markdown (and converted to HTML).
*/
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
function hook_markdown_render_feed($data, $conf)
Process feeds content with Markdown
2016-03-12 18:39:57 +01:00
{
foreach ($data['links'] as &$value) {
if (!empty($value['tags']) && noMarkdownTag($value['tags'])) {
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
$value = stripNoMarkdownTag($value);
Process feeds content with Markdown
2016-03-12 18:39:57 +01:00
continue;
}
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
$value['description'] = process_markdown(
$value['description'],
$conf->get('security.markdown_escape', true),
$conf->get('security.allowed_protocols')
);
Process feeds content with Markdown
2016-03-12 18:39:57 +01:00
}
return $data;
}
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
/**
* Parse daily descriptions.
*
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
* @param array $data daily data.
* @param ConfigManager $conf instance.
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*
* @return mixed daily data parsed in markdown (and converted to HTML).
*/
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
function hook_markdown_render_daily($data, $conf)
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
{
// Manipulate columns data
foreach ($data['cols'] as &$value) {
foreach ($value as &$value2) {
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
if (!empty($value2['tags']) && noMarkdownTag($value2['tags'])) {
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
$value2 = stripNoMarkdownTag($value2);
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
continue;
}
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
$value2['formatedDescription'] = process_markdown(
$value2['formatedDescription'],
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
$conf->get('security.markdown_escape', true),
$conf->get('security.allowed_protocols')
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
);
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
}
}
return $data;
}
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
/**
* Check if noMarkdown is set in tags.
*
* @param string $tags tag list
*
* @return bool true if markdown should be disabled on this link.
*/
function noMarkdownTag($tags)
{
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
return preg_match('/(^|\s)'. NO_MD_TAG .'(\s|$)/', $tags);
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
}
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
/**
* Remove the no-markdown meta tag so it won't be displayed.
*
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
* @param array $link Link data.
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
*
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
* @return array Updated link without no markdown tag.
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
*/
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
function stripNoMarkdownTag($link)
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
{
Markdown: fixes feed rendering with nomarkdown tag * make sure we match exactly `nomarkdown` tag * pass the whole link data to stripNoMarkdownTag() to: * strip the noMD tag in taglist (array) * strip the tag in tags (string) Fixes #689 tmp
2016-11-13 16:51:21 +01:00
if (! empty($link['taglist'])) {
$offset = array_search(NO_MD_TAG, $link['taglist']);
if ($offset !== false) {
unset($link['taglist'][$offset]);
}
}
if (!empty($link['tags'])) {
str_replace(NO_MD_TAG, '', $link['tags']);
}
return $link;
The tag is no longer private A private tag is never loaded for visitor, making this feature useless.
2016-05-30 18:51:00 +02:00
}
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
/**
* When link list is displayed, include markdown CSS.
*
* @param array $data includes data.
*
* @return mixed - includes data with markdown CSS file added.
*/
function hook_markdown_render_includes($data)
{
if ($data['_PAGE_'] == Router::$PAGE_LINKLIST
|| $data['_PAGE_'] == Router::$PAGE_DAILY
|| $data['_PAGE_'] == Router::$PAGE_EDITLINK
) {
$data['css_files'][] = PluginManager::$PLUGINS_PATH . '/markdown/markdown.css';
}
return $data;
}
/**
* Hook render_editlink.
* Adds an help link to markdown syntax.
*
* @param array $data data passed to plugin
*
* @return array altered $data.
*/
function hook_markdown_render_editlink($data)
{
// Load help HTML into a string
$data['edit_link_plugin'][] = file_get_contents(PluginManager::$PLUGINS_PATH .'/markdown/help.html');
Markdown: Add the 'meta-tag' `.nomarkdown` which prevent a shaare from being parsed with markdown Also add the tag in tag list in edit_link, so it will appear on autocompletion.
2016-03-21 18:46:34 +01:00
// Add no markdown 'meta-tag' in tag list if it was never used, for autocompletion.
if (! in_array(NO_MD_TAG, $data['tags'])) {
$data['tags'][NO_MD_TAG] = 0;
}
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
return $data;
}
/**
* Remove HTML links auto generated by Shaarli core system.
* Keeps HREF attributes.
*
* @param string $description input description text.
*
* @return string $description without HTML links.
*/
function reverse_text2clickable($description)
{
Hashtag system * Hashtag are auto-linked with a filter search * Supports unicode * Compatible with markdown (excluded in code blocks)
2016-05-10 23:18:04 +02:00
$descriptionLines = explode(PHP_EOL, $description);
$descriptionOut = '';
$codeBlockOn = false;
$lineCount = 0;
foreach ($descriptionLines as $descriptionLine) {
Fix an issue with links not being reversed in code blocks Fixes #672 + Markdown to HTML unit test
2016-10-21 12:38:38 +02:00
// Detect line of code: starting with 4 spaces,
// except lists which can start with +/*/- or `2.` after spaces.
$codeLineOn = preg_match('/^ +(?=[^\+\*\-])(?=(?!\d\.).)/', $descriptionLine) > 0;
Hashtag system * Hashtag are auto-linked with a filter search * Supports unicode * Compatible with markdown (excluded in code blocks)
2016-05-10 23:18:04 +02:00
// Detect and toggle block of code
if (!$codeBlockOn) {
$codeBlockOn = preg_match('/^```/', $descriptionLine) > 0;
}
elseif (preg_match('/^```/', $descriptionLine) > 0) {
$codeBlockOn = false;
}
$hashtagTitle = ' title="Hashtag [^"]+"';
// Reverse `inline code` hashtags.
$descriptionLine = preg_replace(
'!(`[^`\n]*)<a href="[^ ]*"'. $hashtagTitle .'>([^<]+)</a>([^`\n]*`)!m',
'$1$2$3',
$descriptionLine
);
Fix an issue with links not being reversed in code blocks Fixes #672 + Markdown to HTML unit test
2016-10-21 12:38:38 +02:00
// Reverse all links in code blocks, only non hashtag elsewhere.
$hashtagFilter = (!$codeBlockOn && !$codeLineOn) ? '(?!'. $hashtagTitle .')': '(?:'. $hashtagTitle .')?';
Hashtag system * Hashtag are auto-linked with a filter search * Supports unicode * Compatible with markdown (excluded in code blocks)
2016-05-10 23:18:04 +02:00
$descriptionLine = preg_replace(
Fix an issue with links not being reversed in code blocks Fixes #672 + Markdown to HTML unit test
2016-10-21 12:38:38 +02:00
'#<a href="[^ ]*"'. $hashtagFilter .'>([^<]+)</a>#m',
Hashtag system * Hashtag are auto-linked with a filter search * Supports unicode * Compatible with markdown (excluded in code blocks)
2016-05-10 23:18:04 +02:00
'$1',
$descriptionLine
);
$descriptionOut .= $descriptionLine;
if ($lineCount++ < count($descriptionLines) - 1) {
$descriptionOut .= PHP_EOL;
}
}
return $descriptionOut;
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
}
/**
* Remove <br> tag to let markdown handle it.
*
* @param string $description input description text.
*
* @return string $description without <br> tags.
*/
function reverse_nl2br($description)
{
return preg_replace('!<br */?>!im', '', $description);
}
/**
* Remove HTML spaces '&nbsp;' auto generated by Shaarli core system.
*
* @param string $description input description text.
*
* @return string $description without HTML links.
*/
function reverse_space2nbsp($description)
{
return preg_replace('/(^| )&nbsp;/m', '$1 ', $description);
}
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
/**
* Replace not whitelisted protocols with http:// in given description.
*
* @param string $description input description text.
* @param array $allowedProtocols list of allowed protocols.
*
* @return string $description without malicious link.
*/
function filter_protocols($description, $allowedProtocols)
{
return preg_replace_callback(
'#]\((.*?)\)#is',
function ($match) use ($allowedProtocols) {
return ']('. whitelist_protocols($match[1], $allowedProtocols) .')';
},
$description
);
}
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
/**
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
* Remove dangerous HTML tags (tags, iframe, etc.).
* Doesn't affect <code> content (already escaped by Parsedown).
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*
* @param string $description input description text.
*
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
* @return string given string escaped.
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*/
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
function sanitize_html($description)
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
{
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
$escapeTags = array(
'script',
'style',
'link',
'iframe',
'frameset',
'frame',
);
foreach ($escapeTags as $tag) {
$description = preg_replace_callback(
'#<\s*'. $tag .'[^>]*>(.*</\s*'. $tag .'[^>]*>)?#is',
function ($match) { return escape($match[0]); },
$description);
}
$description = preg_replace(
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
'#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
'$1',
$description);
return $description;
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
}
/**
* Render shaare contents through Markdown parser.
* 1. Remove HTML generated by Shaarli core.
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
* 2. Reverse the escape function.
* 3. Generate markdown descriptions.
* 4. Sanitize sensible HTML tags for security.
* 5. Wrap description in 'markdown' CSS class.
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*
* @param string $description input description text.
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
* @param bool $escape escape HTML entities
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
*
* @return string HTML processed $description.
*/
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
function process_markdown($description, $escape = true, $allowedProtocols = [])
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
{
$parsedown = new Parsedown();
$processedDescription = $description;
$processedDescription = reverse_nl2br($processedDescription);
$processedDescription = reverse_space2nbsp($processedDescription);
Hashtag system * Hashtag are auto-linked with a filter search * Supports unicode * Compatible with markdown (excluded in code blocks)
2016-05-10 23:18:04 +02:00
$processedDescription = reverse_text2clickable($processedDescription);
Add a whitelist of protocols for URLs - for Shaare - for markdown description links and images Not whitelisted protocols will be replaced by `http://`
2017-05-25 14:52:42 +02:00
$processedDescription = filter_protocols($processedDescription, $allowedProtocols);
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
$processedDescription = unescape($processedDescription);
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
$processedDescription = $parsedown
Add markdown_escape setting This setting allows to escape HTML in markdown rendering or not. The goal behind it is to avoid XSS issue in shared instances. More info: * the setting is set to true by default * it is set to false for anyone who already have the plugin enabled (avoid breaking existing entries) * improve the HTML sanitization when the setting is set to false - but don't consider it XSS proof * mention the setting in the plugin README
2017-02-27 19:45:55 +01:00
->setMarkupEscaped($escape)
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
->setBreaksEnabled(true)
->text($processedDescription);
Markdown: don't escape content + sanitize sensible tags Instead of trying to fix broken content for Markdown parsing, parse it unescaped, then sanatize sensible tags such as scripts, etc.
2016-02-19 19:37:13 +01:00
$processedDescription = sanitize_html($processedDescription);
Avoids populating a markdown empty container if there's no description.
2016-02-28 18:24:30 +01:00
if(!empty($processedDescription)){
$processedDescription = '<div class="markdown">'. $processedDescription . '</div>';
}
PLUGIN Markdown Parse link description in Markdown (HTML) before rendering. * hard remove of Shaarli's HTML before parsing. * Using Parsedown <https://github.com/erusev/parsedown> PHP lib. * Includes basic markdown CSS. * Style: removed 400px height max limit for shaares. * Unit tests.
2015-11-17 21:01:11 +01:00
return $processedDescription;
}
Reference in a new issue Copy permalink