1
0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00

Allow extension to "vouch" for raw HTML they produce

Rename "unsafeHtml" to "rawHtml"
This commit is contained in:
Aidan Woods 2018-03-15 19:46:03 +00:00
parent ef7ed7b66c
commit 3fc54bc966
No known key found for this signature in database
GPG Key ID: 9A6A8EFAA512BBB9
4 changed files with 78 additions and 26 deletions

View File

@ -1488,18 +1488,33 @@ class Parsedown
}
}
$unsafeHtml = false;
$permitRawHtml = false;
if (isset($Element['text']))
{
$text = $Element['text'];
}
// very strongly consider an alternative if you're writing an
// extension
elseif (isset($Element['unsafeHtml']))
elseif (isset($Element['rawHtml']))
{
$text = $Element['unsafeHtml'];
$text = $Element['rawHtml'];
$unsafeHtml = true;
$allowRawHtmlInSafeMode = false;
if (isset($Element['allowRawHtmlInSafeMode']))
{
$allowRawHtmlInSafeMode = (true === $Element['allowRawHtmlInSafeMode']);
}
if ($this->safeMode !== true)
{
$permitRawHtml = true;
}
elseif ($this->safeMode and $allowRawHtmlInSafeMode)
{
$permitRawHtml = true;
}
}
if (isset($text))
@ -1515,7 +1530,7 @@ class Parsedown
{
$markup .= $this->{$Element['handler']}($text, $Element['nonNestables']);
}
elseif ($unsafeHtml !== true or $this->safeMode)
elseif ($permitRawHtml !== true)
{
$markup .= self::escape($text, true);
}

View File

@ -1,5 +1,5 @@
<?php
require 'UnsafeExtension.php';
require 'SampleExtensions.php';
use PHPUnit\Framework\TestCase;
@ -56,7 +56,7 @@ class ParsedownTest extends TestCase
$this->assertEquals($expectedMarkup, $actualMarkup);
}
function testUnsafeHtml()
function testRawHtml()
{
$markdown = "```php\nfoobar\n```";
$expectedMarkup = '<pre><code class="language-php"><p>foobar</p></code></pre>';
@ -73,6 +73,23 @@ class ParsedownTest extends TestCase
$this->assertEquals($expectedSafeMarkup, $actualSafeMarkup);
}
function testTrustDelegatedRawHtml()
{
$markdown = "```php\nfoobar\n```";
$expectedMarkup = '<pre><code class="language-php"><p>foobar</p></code></pre>';
$expectedSafeMarkup = $expectedMarkup;
$unsafeExtension = new TrustDelegatedExtension;
$actualMarkup = $unsafeExtension->text($markdown);
$this->assertEquals($expectedMarkup, $actualMarkup);
$unsafeExtension->setSafeMode(true);
$actualSafeMarkup = $unsafeExtension->text($markdown);
$this->assertEquals($expectedSafeMarkup, $actualSafeMarkup);
}
function data()
{
$data = array();

39
test/SampleExtensions.php Normal file
View File

@ -0,0 +1,39 @@
<?php
class UnsafeExtension extends Parsedown
{
protected function blockFencedCodeComplete($Block)
{
$text = $Block['element']['text']['text'];
unset($Block['element']['text']['text']);
// WARNING: There is almost always a better way of doing things!
//
// This example is one of them, unsafe behaviour is NOT needed here.
// Only use this if you trust the input and have no idea what
// the output HTML will look like (e.g. using an external parser).
$Block['element']['text']['rawHtml'] = "<p>$text</p>";
return $Block;
}
}
class TrustDelegatedExtension extends Parsedown
{
protected function blockFencedCodeComplete($Block)
{
$text = $Block['element']['text']['text'];
unset($Block['element']['text']['text']);
// WARNING: There is almost always a better way of doing things!
//
// This example is one of them, unsafe behaviour is NOT needed here.
// Only use this if you trust the input and have no idea what
// the output HTML will look like (e.g. using an external parser).
$Block['element']['text']['rawHtml'] = "<p>$text</p>";
$Block['element']['text']['allowRawHtmlInSafeMode'] = true;
return $Block;
}
}

View File

@ -1,19 +0,0 @@
<?php
class UnsafeExtension extends Parsedown
{
protected function blockFencedCodeComplete($Block)
{
$text = $Block['element']['text']['text'];
unset($Block['element']['text']['text']);
// WARNING: There is almost always a better way of doing things!
//
// This example is one of them, unsafe behaviour is NOT needed here.
// Only use this if you trust the input and have no idea what
// the output HTML will look like (e.g. using an external parser).
$Block['element']['text']['unsafeHtml'] = "<p>$text</p>";
return $Block;
}
}