content (already escaped by Parsedown).
@@ -252,13 +300,17 @@ function sanitize_html($description)
foreach ($escapeTags as $tag) {
$description = preg_replace_callback(
'#<\s*'. $tag .'[^>]*>(.*\s*'. $tag .'[^>]*>)?#is',
- function ($match) { return escape($match[0]); },
- $description);
+ function ($match) {
+ return escape($match[0]);
+ },
+ $description
+ );
}
$description = preg_replace(
- '#(<[^>]+)on[a-z]*="?[^ "]*"?#is',
+ '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
'$1',
- $description);
+ $description
+ );
return $description;
}
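Review bot: The `on[a-z]*` strip in sanitize_html is still a single-pass regex, and the new `\s` in `(<[^>]+\s)` narrows it further: it now requires whitespace directly before the attribute name, which is stricter than what HTML parsers accept as an attribute separator. The value part `"?[^ "]*"?` only covers double-quoted values or unquoted values without spaces, and because the prefix `[^>]+` is greedy, a tag carrying more than one handler attribute has only the last one removed per call. I would not treat this pattern as the XSS boundary: parse the rendered HTML (for example with `DOMDocument`) and drop every attribute whose name starts with `on`, or at minimum repeat the replace until it makes no further change. The start of sanitize_html is outside this hunk.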
@@ -275,7 +327,7 @@ function sanitize_html($description)
*
* @return string HTML processed $description.
*/
-function process_markdown($description, $escape = true)
+function process_markdown($description, $escape = true, $allowedProtocols = [])
{
$parsedown = new Parsedown();
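Review bot: The new `$allowedProtocols = []` parameter of process_markdown is undocumented, and the default leaves open what an empty list means. filter_protocols is not visible here; if an empty list means "allow every scheme", callers that do not pass the argument get no filtering, so the default should fail closed or every caller should pass the list explicitly. Add to the docblock `@param array $allowedProtocols URL schemes permitted in links` together with a sentence stating how an empty list is treated. The docblock's `@param` lines and the rest of the function body are outside this hunk.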
@@ -283,6 +335,7 @@ function process_markdown($description, $escape = true)
$processedDescription = reverse_nl2br($processedDescription);
$processedDescription = reverse_space2nbsp($processedDescription);
$processedDescription = reverse_text2clickable($processedDescription);
+ $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
$processedDescription = unescape($processedDescription);
$processedDescription = $parsedown
->setMarkupEscaped($escape)
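Review bot: `filter_protocols()` runs on the text before `unescape()` and before Parsedown renders it, so it only sees URLs in the form they have at that stage. Whether links that take their final shape later (text restored by `unescape()`, or hrefs Parsedown builds from Markdown link syntax) are covered depends on filter_protocols, which is not shown in this hunk. A check on the `href`/`src` values of the rendered HTML, next to the `sanitize_html()` call, would enforce the allow-list on what the browser actually receives, and a unit test with a Markdown link using a non-allowed scheme would confirm it. The function starts and ends outside this hunk.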
@@ -290,9 +343,21 @@ function process_markdown($description, $escape = true)
->text($processedDescription);
$processedDescription = sanitize_html($processedDescription);
- if(!empty($processedDescription)){
+ if (!empty($processedDescription)) {
$processedDescription = ''. $processedDescription . '
';
}
return $processedDescription;
}
+
+/**
+ * This function is never called, but contains translation calls for GNU gettext extraction.
+ */
+function markdown_dummy_translation()
+{
+ // meta
+ t('Render shaare description with Markdown syntax.
Warning:
+If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+See the README.');
+}