From 7073ac3ed1c5cd141bed2bcba608f590f0ea5fe1 Mon Sep 17 00:00:00 2001
From: Aidan Woods
Date: Mon, 30 Dec 2019 22:36:46 +0000
Subject: [PATCH 1/3] Dev for 1.7.4
---
 Parsedown.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Parsedown.php b/Parsedown.php
index a34b44f0f..fab15e9ee 100644
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -17,7 +17,7 @@ class Parsedown
 {
 # ~
- const version = '1.7.3';
+ const version = '1.7.4-dev';
 # ~
From add8d18c804cd229d7c4e24308449d587219fea5 Mon Sep 17 00:00:00 2001
From: Aidan Woods
Date: Mon, 30 Dec 2019 22:31:43 +0000
Subject: [PATCH 2/3] Add rawHtml without using it (extensions may opt-in)
---
 Parsedown.php | 25 ++++++++++++++++++++++---
 test/ParsedownTest.php | 36 ++++++++++++++++++++++++++++++++++++
 test/SampleExtensions.php | 39 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 test/SampleExtensions.php
diff --git a/Parsedown.php b/Parsedown.php
index fab15e9ee..f4249bb6a 100644
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -1489,22 +1489,41 @@ protected function element(array $Element) } } + $permitRawHtml = false; + if (isset($Element['text'])) + { + $text = $Element['text']; + } + // very strongly consider an alternative if you're writing an + // extension + elseif (isset($Element['rawHtml'])) + { + $text = $Element['rawHtml']; + $allowRawHtmlInSafeMode = isset($Element['allowRawHtmlInSafeMode']) && $Element['allowRawHtmlInSafeMode']; + $permitRawHtml = !$this->safeMode || $allowRawHtmlInSafeMode; + } + + if (isset($text)) { $markup .= '>'; - if (!isset($Element['nonNestables'])) + if (!isset($Element['nonNestables'])) { $Element['nonNestables'] = array(); } if (isset($Element['handler'])) { - $markup .= $this->{$Element['handler']}($Element['text'], $Element['nonNestables']); + $markup .= $this->{$Element['handler']}($text, $Element['nonNestables']); + } + elseif (!$permitRawHtml) + { + $markup .= self::escape($text, true); } else { - $markup .= self::escape($Element['text'], true); + $markup .= $text; } $markup .= ''; diff --git a/test/ParsedownTest.php b/test/ParsedownTest.php index c28cedf67..284f5e91e 100644 --- a/test/ParsedownTest.php +++ b/test/ParsedownTest.php @@ -1,5 +1,7 @@ assertEquals($expectedMarkup, $actualMarkup); } + function testRawHtml() + { + $markdown = "```php\nfoobar\n```"; + $expectedMarkup = '
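Review bot: In the `if (isset($text))` block the `handler` branch is tested before `elseif (!$permitRawHtml)`, so an element that carries both `rawHtml` and `handler` never reaches `self::escape($text, true)` in safe mode and the `$permitRawHtml` decision is not consulted for it. Whether the output is safe then depends entirely on the handler, which this hunk does not show. I would state that contract next to the existing warning, e.g. `// rawHtml combined with a handler is passed to the handler as-is; the handler is then responsible for escaping`, and require the opt-out flag to be exactly true rather than truthy: `$allowRawHtmlInSafeMode = isset($Element['allowRawHtmlInSafeMode']) && $Element['allowRawHtmlInSafeMode'] === true;`. `element()` starts before and continues past this hunk.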

foobar

'; + $expectedSafeMarkup = '
<p>foobar</p>
'; + + $unsafeExtension = new UnsafeExtension; + $actualMarkup = $unsafeExtension->text($markdown); + + $this->assertEquals($expectedMarkup, $actualMarkup); + + $unsafeExtension->setSafeMode(true); + $actualSafeMarkup = $unsafeExtension->text($markdown); + + $this->assertEquals($expectedSafeMarkup, $actualSafeMarkup); + } + + function testTrustDelegatedRawHtml() + { + $markdown = "```php\nfoobar\n```"; + $expectedMarkup = '

foobar

'; + $expectedSafeMarkup = $expectedMarkup; + + $unsafeExtension = new TrustDelegatedExtension; + $actualMarkup = $unsafeExtension->text($markdown); + + $this->assertEquals($expectedMarkup, $actualMarkup); + + $unsafeExtension->setSafeMode(true); + $actualSafeMarkup = $unsafeExtension->text($markdown); + + $this->assertEquals($expectedSafeMarkup, $actualSafeMarkup); + } + function data() { $data = array(); diff --git a/test/SampleExtensions.php b/test/SampleExtensions.php new file mode 100644 index 000000000..1889146b7 --- /dev/null +++ b/test/SampleExtensions.php @@ -0,0 +1,39 @@ +$text
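Review bot: Both new tests push only `foobar` through the fence, so neither `testRawHtml` nor `testTrustDelegatedRawHtml` pins what happens when the fenced content itself contains HTML metacharacters and safe mode is on. That matters for `TrustDelegatedExtension` in test/SampleExtensions.php, which interpolates `$text` into the `rawHtml` string and sets `allowRawHtmlInSafeMode` to true; `$text` looks like the unescaped fence body, though that is not visible in this patch. Since samples get copied, I would escape it in the sample before interpolation, e.g. build the string from `self::escape($text)`, and add a safe-mode case whose fence body contains markup. Separately, `testTrustDelegatedRawHtml` names its instance `$unsafeExtension`; `$trustDelegatedExtension` would read better.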

"; + + return $Block; + } +} + +class TrustDelegatedExtension extends Parsedown +{ + protected function blockFencedCodeComplete($Block) + { + $text = $Block['element']['text']['text']; + unset($Block['element']['text']['text']); + + // WARNING: There is almost always a better way of doing things! + // + // This behaviour is NOT needed in the demonstrated case. + // Only use this if you are sure that the result being added into + // rawHtml is safe. + // (e.g. using an external parser with escaping capabilities). + $Block['element']['text']['rawHtml'] = "

$text

"; + $Block['element']['text']['allowRawHtmlInSafeMode'] = true; + + return $Block; + } +} From 791faca8af0a5542becb313bde3d849c068b4160 Mon Sep 17 00:00:00 2001 From: Aidan Woods Date: Mon, 30 Dec 2019 22:47:43 +0000 Subject: [PATCH 3/3] Test on 7.4 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 7a8ba35f3..6ac8a303b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,6 +14,7 @@ matrix: - php: 7.1 - php: 7.2 - php: 7.3 + - php: 7.4 - php: nightly fast_finish: true allow_failures: