content (already escaped by Parsedown).
@@ -137,13 +300,17 @@ function sanitize_html($description)
foreach ($escapeTags as $tag) {
$description = preg_replace_callback(
'#<\s*'. $tag .'[^>]*>(.*\s*'. $tag .'[^>]*>)?#is',
- function ($match) { return escape($match[0]); },
- $description);
+ function ($match) {
+ return escape($match[0]);
+ },
+ $description
+ );
}
$description = preg_replace(
- '#(<[^>]+)on[a-z]*="[^"]*"#is',
+ '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
'$1',
- $description);
+ $description
+ );
return $description;
}
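Review bot: The rewritten handler filter `'#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is'` still leaves event-handler attributes in place in several cases. The match is anchored on the opening `<` and `preg_replace` does not rescan consumed text, so at most one `on*` attribute per tag is removed per call. The value part recognises only double quotes, stops at the first space even inside a quoted value, and does not exclude `>`, so an unquoted value can swallow the end of the tag. A value alternation such as `(?:"[^"]*"|'[^']*'|[^\s>]+)`, applied in a loop until the string stops changing, would close these gaps, though an allowlist-based sanitizer or DOM-level attribute removal is the sturdier fix. The start of `sanitize_html` is outside the hunk, so `$escapeTags` and `escape()` are not reviewed here.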
@@ -156,27 +323,41 @@ function sanitize_html($description)
* 5. Wrap description in 'markdown' CSS class.
*
* @param string $description input description text.
+ * @param bool $escape escape HTML entities
*
* @return string HTML processed $description.
*/
-function process_markdown($description)
+function process_markdown($description, $escape = true, $allowedProtocols = [])
{
$parsedown = new Parsedown();
$processedDescription = $description;
- $processedDescription = reverse_text2clickable($processedDescription);
$processedDescription = reverse_nl2br($processedDescription);
$processedDescription = reverse_space2nbsp($processedDescription);
+ $processedDescription = reverse_text2clickable($processedDescription);
+ $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
$processedDescription = unescape($processedDescription);
$processedDescription = $parsedown
- ->setMarkupEscaped(false)
+ ->setMarkupEscaped($escape)
->setBreaksEnabled(true)
->text($processedDescription);
$processedDescription = sanitize_html($processedDescription);
- if(!empty($processedDescription)){
+ if (!empty($processedDescription)) {
$processedDescription = ''. $processedDescription . '
';
}
return $processedDescription;
}
+
+/**
+ * This function is never called, but contains translation calls for GNU gettext extraction.
+ */
+function markdown_dummy_translation()
+{
+ // meta
+ t('Render shaare description with Markdown syntax.
Warning:
+If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+See the README.');
+}
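Review bot: The new `$allowedProtocols` parameter of `process_markdown` is missing from the docblock, and its default `[]` does not say whether an empty list means "built-in defaults" or "no filtering", which callers of a URL-scheme filter need to know. I would add `* @param array $allowedProtocols URL schemes permitted in links; an empty list means <state behaviour>` and extend the `$escape` line to note that passing `false` leaves `sanitize_html()` as the only HTML filter. It is also worth confirming the ordering: `filter_protocols()` now runs before `unescape()`, so it sees the still-escaped text. Depending on its implementation, which is not visible here, an entity-encoded scheme might only become a recognisable scheme after the check; running the filter after `unescape()` or on Parsedown's output would remove that doubt.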