Radicle web interface
Radicle
Escape html tags in marked found outside of code blocks
Sebastian Martinez committed 2 years ago
commit ecabe9b7a8fd279858abb15fb177c20389a54d73
parent ab222edc521950f232c114210acaa6df92f0965a
5 files changed +29 -2
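--- a/src/components/InlineMarkdown.svelte
+++ b/src/components/InlineMarkdown.svelte
@@ -2,13 +2,14 @@
   import dompurify from "dompurify";
   import { marked } from "marked";
 
-  import { renderer } from "@app/lib/markdown";
+  import { renderer, walkTokens } from "@app/lib/markdown";
   import { twemoji } from "@app/lib/utils";
 
   export let content: string;
   export let fontSize: "tiny" | "small" | "medium" = "small";
 
   marked.use({
+    walkTokens,
     renderer,
     // TODO: Disables deprecated options, remove once removed from marked
     mangle: false,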
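Review bot: Adding `walkTokens` to the `marked.use({ … })` call in the component's instance script registers the hook on the shared `marked` object every time an InlineMarkdown is mounted; the same applies to the second hunk of src/components/Markdown.svelte. As far as I know, `marked.use()` chains `walkTokens` callbacks rather than replacing them, so a page with many markdown fragments would walk every token once per mounted component. The escape is idempotent, so this looks like wasted work rather than wrong output. Registering it once after its definition in src/lib/markdown.ts, `marked.use({ walkTokens });`, would also keep the escaping active for any caller that forgets to pass it. The `marked.use` call continues past the end of the hunk.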
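--- a/src/components/Markdown.svelte
+++ b/src/components/Markdown.svelte
@@ -12,6 +12,7 @@
   import {
     markdownExtensions as extensions,
     renderer,
+    walkTokens,
   } from "@app/lib/markdown";
   import { updateProjectRoute } from "@app/views/projects/router";
 
@@ -26,6 +27,7 @@
   );
   marked.use({
     extensions,
+    walkTokens,
     renderer,
     // TODO: Disables deprecated options, remove once removed from marked
     mangle: false,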
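--- a/src/lib/markdown.ts
+++ b/src/lib/markdown.ts
@@ -1,7 +1,9 @@
 import emojis from "@app/lib/emojis";
 import katex from "katex";
 import { marked } from "marked";
-import { isUrl } from "./utils";
+import { isUrl } from "@app/lib/utils";
+
+const trustedHtmlTags = ["small", "dl", "dt", "dd", "code"];
 
 // TODO: Disables deprecated options, remove once removed from marked
 marked.use({ mangle: false, headerIds: false });
@@ -118,6 +120,18 @@ const anchorMarkedExtension = {
   },
 };
 
+export const walkTokens = (token: marked.Tokens.Generic) => {
+  if (token.type !== "code" && token.type !== "codespan" && "text" in token) {
+    if (trustedHtmlTags.some(tag => token.text.includes(tag))) {
+      return;
+    }
+    token.text = token.text.replace(
+      /<([^>]+)>/g,
+      (_match: RegExpMatchArray, tagContent: string) => `&lt;${tagContent}&gt;`,
+    );
+  }
+};
+
 export const renderer = {
   // Overwrites the rendering of heading tokens.
   // Since there are possible non ASCII characters in headings,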
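Review bot: The allowlist check in `walkTokens`, `trustedHtmlTags.some(tag => token.text.includes(tag))`, is a substring test on the whole token text, so escaping is skipped for the entire token whenever the text merely contains "code", "dd", "dl", "dt" or "small" anywhere, for example inside the words "add" or "handle". Any other tag in that same token then reaches the renderer unescaped. That leaves the sanitizer as the only barrier (the components import `dompurify`, though its call is not visible here), and trusted tags keep their attributes either way. Deciding per tag inside the replace callback, by comparing the parsed tag name against the list, keeps the trusted tags and escapes everything else. The callback's first parameter is also a `string`, not a `RegExpMatchArray`.

```typescript
export const walkTokens = (token: marked.Tokens.Generic) => {
  if (token.type !== "code" && token.type !== "codespan" && "text" in token) {
    token.text = token.text.replace(
      /<([^>]+)>/g,
      (match: string, tagContent: string) => {
        // Compare the tag name itself, not a substring of the whole token text.
        const name = /^\/?([a-z][a-z0-9]*)(?=[\s/]|$)/i
          .exec(tagContent)?.[1]
          ?.toLowerCase();
        return name !== undefined && trustedHtmlTags.includes(name)
          ? match
          : `&lt;${tagContent}&gt;`;
      },
    );
  }
};
```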
modified tests/fixtures/repos/markdown.tar.bz2
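--- a/tests/visual/markdown.spec.ts
+++ b/tests/visual/markdown.spec.ts
@@ -173,3 +173,13 @@ test("relative image not able to being loaded", async ({ page }) => {
   });
   await expect(page).toHaveScreenshot({ fullPage: true });
 });
+
+test("rendering of html tags", async ({ page }) => {
+  await page.goto(`${markdownUrl}/tree/main/tag-rendering.md#html-tags`, {
+    waitUntil: "networkidle",
+  });
+  await expect(
+    page.locator("text=Rendering of html tags").first(),
+  ).toBeVisible();
+  await expect(page).toHaveScreenshot({ fullPage: true });
+});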
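Review bot: The new "rendering of html tags" test pins the behaviour only through a full-page screenshot, so the baseline records whatever the first run rendered. A regression that lets an untrusted tag through as a real element would surface only as a pixel diff, if at all. A DOM-level assertion after the `toBeVisible()` check would state the security-relevant expectation directly, for example `await expect(page.locator("<TAG_THE_FIXTURE_EXPECTS_ESCAPED>")).toHaveCount(0);`. The selector there is a placeholder for a tag that tag-rendering.md actually contains; the fixture lives in the binary tarball and is not visible here.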