mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00

Add unsafeHtml option for extensions to use on trusted input

Aidan Woods 2018-03-15 10:42:29 +00:00
parent a3265e7c6f
commit e6444bb57e
No known key found for this signature in database
GPG Key ID: 9A6A8EFAA512BBB9
3 changed files with 45 additions and 2 deletions


@ -1488,7 +1488,20 @@ class Parsedown
} }
} }
$unsafeHtml = false;
if (isset($Element['text'])) if (isset($Element['text']))
{
$text = $Element['text'];
}
// very strongly consider an alternative if you're writing an
// extension
elseif (isset($Element['unsafeHtml']) and !$this->safeMode)
{
$text = $Element['unsafeHtml'];
$unsafeHtml = true;
}
if (isset($text))
{ {
$markup .= $hasName ? '>' : ''; $markup .= $hasName ? '>' : '';
@ -1499,11 +1512,15 @@ class Parsedown
if (isset($Element['handler'])) if (isset($Element['handler']))
{ {
$markup .= $this->{$Element['handler']}($Element['text'], $Element['nonNestables']); $markup .= $this->{$Element['handler']}($text, $Element['nonNestables']);
}
elseif ($unsafeHtml !== true or $this->safeMode)
{
$markup .= self::escape($text, true);
} }
else else
{ {
$markup .= self::escape($Element['text'], true); $markup .= $text;
} }
$markup .= $hasName ? '</'.$Element['name'].'>' : ''; $markup .= $hasName ? '</'.$Element['name'].'>' : '';
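Review bot: In safe mode an element that carries only `unsafeHtml` never gets `$text` assigned, because the first added `elseif` requires `!$this->safeMode`, so its content looks to be dropped from the output rather than escaped. That also makes the `or $this->safeMode` half of the later `elseif ($unsafeHtml !== true or $this->safeMode)` unreachable, since `$unsafeHtml` is only ever set to true outside safe mode. Changing the first condition to `elseif (isset($Element['unsafeHtml']))` would let that later branch escape the extension's markup in safe mode while keeping the raw path limited to non-safe mode. The comment above it would help more if it said why, for example `// emitted without escaping, so any untrusted data inside it is an XSS vector`. The enclosing method starts and ends outside both hunks, so the path taken when `$text` is unset is inferred rather than visible here.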


@ -1,4 +1,5 @@
<?php <?php
require 'UnsafeExtension.php';
use PHPUnit\Framework\TestCase; use PHPUnit\Framework\TestCase;
@ -55,6 +56,17 @@ class ParsedownTest extends TestCase
$this->assertEquals($expectedMarkup, $actualMarkup); $this->assertEquals($expectedMarkup, $actualMarkup);
} }
function testUnsafeHtml()
{
$markdown = "```php\nfoobar\n```";
$expectedMarkup = '<pre><code class="language-php"><p>foobar</p></code></pre>';
$unsafeExtension = new UnsafeExtension;
$actualMarkup = $unsafeExtension->text($markdown);
$this->assertEquals($expectedMarkup, $actualMarkup);
}
function data() function data()
{ {
$data = array(); $data = array();
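Review bot: `testUnsafeHtml` only exercises the default mode, so nothing pins what happens to an `unsafeHtml` element once safe mode is enabled, which is the case the option's safety depends on. A second test that calls `setSafeMode(true)` on the extension and asserts that the raw `<p>foobar</p>` is absent from the result would catch a regression in the `safeMode` checks. The sketch below deliberately avoids asserting the full expected markup, since that depends on how the renderer treats an element with no usable text. `ParsedownTest` and `data()` continue outside the hunk.

```php
function testUnsafeHtmlInSafeMode()
{
    $markdown = "```php\nfoobar\n```";

    $unsafeExtension = new UnsafeExtension;
    $unsafeExtension->setSafeMode(true);
    $actualMarkup = $unsafeExtension->text($markdown);

    // raw markup supplied by the extension must not reach the output in safe mode
    $this->assertFalse(strpos($actualMarkup, '<p>foobar</p>'));
}
```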

14
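--- a/test/UnsafeExtension.php
+++ b/test/UnsafeExtension.php
@@ -0,0 +1,14 @@
+<?php
+class UnsafeExtension extends Parsedown
+{
+protected function blockFencedCodeComplete($Block)
+{
+$text = $Block['element']['text']['text'];
+unset($Block['element']['text']['text']);
+$Block['element']['text']['unsafeHtml'] = "<p>$text</p>";
+return $Block;
+}
+}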
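Review bot: `"<p>$text</p>"` places the fenced block's contents into `unsafeHtml` without escaping, which is fine for this fixture's fixed input but is the pattern that becomes script injection if an extension author copies it for user-supplied Markdown. A short comment on that line would make the intent clear, e.g. `// fixture only: $text is trusted here; escape it before wrapping when the Markdown is untrusted`. The class could also carry a one-line docblock saying it exists to exercise the `unsafeHtml` element key in tests.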