content (already escaped by Parsedown).
- *
- * @param string $description input description text.
- *
- * @return string given string escaped.
- */
-function sanitize_html($description)
-{
- $escapeTags = array(
- 'script',
- 'style',
- 'link',
- 'iframe',
- 'frameset',
- 'frame',
- );
- foreach ($escapeTags as $tag) {
- $description = preg_replace_callback(
- '#<\s*'. $tag .'[^>]*>(.*\s*'. $tag .'[^>]*>)?#is',
- function ($match) {
- return escape($match[0]);
- },
- $description
- );
- }
- $description = preg_replace(
- '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
- '$1',
- $description
- );
- return $description;
-}
-
-/**
- * Render shaare contents through Markdown parser.
- * 1. Remove HTML generated by Shaarli core.
- * 2. Reverse the escape function.
- * 3. Generate markdown descriptions.
- * 4. Sanitize sensible HTML tags for security.
- * 5. Wrap description in 'markdown' CSS class.
- *
- * @param string $description input description text.
- * @param bool $escape escape HTML entities
- *
- * @return string HTML processed $description.
- */
-function process_markdown($description, $escape = true, $allowedProtocols = [])
-{
- $parsedown = new Parsedown();
-
- $processedDescription = $description;
- $processedDescription = reverse_nl2br($processedDescription);
- $processedDescription = reverse_space2nbsp($processedDescription);
- $processedDescription = reverse_text2clickable($processedDescription);
- $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
- $processedDescription = unescape($processedDescription);
- $processedDescription = $parsedown
- ->setMarkupEscaped($escape)
- ->setBreaksEnabled(true)
- ->text($processedDescription);
- $processedDescription = sanitize_html($processedDescription);
-
- if (!empty($processedDescription)) {
- $processedDescription = ''. $processedDescription . '
';
- }
-
- return $processedDescription;
-}
-
-/**
- * This function is never called, but contains translation calls for GNU gettext extraction.
- */
-function markdown_dummy_translation()
-{
- // meta
- t('Render shaare description with Markdown syntax.
Warning:
-If your shaared descriptions contained HTML tags before enabling the markdown plugin,
-enabling it might break your page.
-See the README.');
-}