iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

markdown: let Parsedown escape content 

Letting Parsedown escape the content, instead of calling
htmlspecialchars provides more context to the escape process.
For example the ampersand character can now be used in markdown links as
part of the url without breaking.
This commit is contained in:
Tobias Wiese 2021-12-29 17:14:11 +01:00 committed by Igor Scheller
parent e2a99a5b1d
commit 9db8773150
2 changed files with 13 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/Renderer/Twig/Extensions/Markdown.php
View File

@ -40,10 +40,6 @@ class Markdown extends TwigExtension
*/
public function render(string $text, bool $escapeHtml = true): string
{
if ($escapeHtml) {
$text = htmlspecialchars($text);
}
return $this->renderer->text($text);
return $this->renderer->setSafeMode($escapeHtml)->text($text);
}
}

37
tests/Unit/Renderer/Twig/Extensions/MarkdownTest.php
View File

@ -13,10 +13,7 @@ class MarkdownTest extends ExtensionTest
*/
public function testGeFilters()
{
/** @var Parsedown|MockObject $renderer */
$renderer = $this->createMock(Parsedown::class);
$extension = new Markdown($renderer);
$extension = new Markdown(new Parsedown());
$filters = $extension->getFilters();
$this->assertExtensionExists('markdown', [$extension, 'render'], $filters);
@ -29,17 +26,12 @@ class MarkdownTest extends ExtensionTest
*/
public function testRender()
{
/** @var Parsedown|MockObject $renderer */
$renderer = $this->createMock(Parsedown::class);
$extension = new Markdown(new Parsedown());
$return = '<p>Lorem <em>&quot;Ipsum&quot;</em></p>';
$renderer->expects($this->once())
->method('text')
->with('Lorem *&quot;Ipsum&quot;*')
->willReturn($return);
$extension = new Markdown($renderer);
$this->assertEquals($return, $extension->render('Lorem *"Ipsum"*'));
$this->assertEquals(
'<p>&lt;i&gt;Lorem&lt;/i&gt; <em>&quot;Ipsum&quot;</em></p>',
$extension->render('<i>Lorem</i> *"Ipsum"*'),
);
}
/**
@ -47,17 +39,12 @@ class MarkdownTest extends ExtensionTest
*/
public function testRenderHtml()
{
/** @var Parsedown|MockObject $renderer */
$renderer = $this->createMock(Parsedown::class);
$input = '<i>**test**</i>';
$return = '<p><strong><i>**test**</i></strong></p>';
$renderer->expects($this->once())
->method('text')
->with($input)
->willReturn($return);
$renderer = new Parsedown();
$extension = new Markdown($renderer);
$this->assertEquals($return, $extension->render($input, false));
$this->assertEquals(
'<p><i>Lorem</i> <em>&quot;Ipsum&quot;</em></p>',
$extension->render('<i>Lorem</i> *"Ipsum"*', false),
);
}
}