content (already escaped by Parsedown).
@@ -141,7 +297,7 @@ function sanitize_html($description)
$description);
}
$description = preg_replace(
- '#(<[^>]+)on[a-z]*="[^"]*"#is',
+ '#(<[^>]+\s)on[a-z]*="?[^ "]*"?#is',
'$1',
$description);
return $description;
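Review bot: The new pattern on the `preg_replace` line is still anchored on the tag's opening `<`, so a single pass strips at most one `on*` attribute per tag and any other handler in the same tag survives. It also only recognises a handler that is preceded by whitespace and immediately followed by `=`, which is narrower than what browsers accept as an attribute. As a minimum, repeat the replacement until nothing matches, e.g. `do { $description = preg_replace($pattern, '$1', $description, -1, $count); } while ($count > 0);`, and check for a `null` return. Regex stripping of attributes is fragile in general, so an allow-list of tags and attributes applied to a parsed DOM would be the more robust fix. The body of `sanitize_html()` starts outside this hunk, so earlier filtering steps are not visible here.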
@@ -156,24 +312,41 @@ function sanitize_html($description)
* 5. Wrap description in 'markdown' CSS class.
*
* @param string $description input description text.
+ * @param bool $escape escape HTML entities
*
* @return string HTML processed $description.
*/
-function process_markdown($description)
+function process_markdown($description, $escape = true, $allowedProtocols = [])
{
$parsedown = new Parsedown();
$processedDescription = $description;
- $processedDescription = reverse_text2clickable($processedDescription);
$processedDescription = reverse_nl2br($processedDescription);
$processedDescription = reverse_space2nbsp($processedDescription);
+ $processedDescription = reverse_text2clickable($processedDescription);
+ $processedDescription = filter_protocols($processedDescription, $allowedProtocols);
$processedDescription = unescape($processedDescription);
$processedDescription = $parsedown
- ->setMarkupEscaped(false)
+ ->setMarkupEscaped($escape)
->setBreaksEnabled(true)
->text($processedDescription);
$processedDescription = sanitize_html($processedDescription);
- $processedDescription = ''. $processedDescription . '
';
+
+ if(!empty($processedDescription)){
+ $processedDescription = ''. $processedDescription . '
';
+ }
return $processedDescription;
}
+
+/**
+ * This function is never called, but contains translation calls for GNU gettext extraction.
+ */
+function markdown_dummy_translation()
+{
+ // meta
+ t('Render shaare description with Markdown syntax.
Warning:
+If your shaared descriptions contained HTML tags before enabling the markdown plugin,
+enabling it might break your page.
+See the README.');
+}
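Review bot: In `process_markdown()`, `filter_protocols()` now runs before `unescape()`, so the scheme check sees the still-escaped text. If `unescape()` decodes HTML entities (its body is not in this hunk), a scheme written with entities could pass the filter and only become a real scheme afterwards. Consider filtering the decoded text, or re-checking link schemes on Parsedown's output before `sanitize_html()`. The docblock gains `$escape` but not the third parameter; add `@param array $allowedProtocols list of allowed URL protocols` and say what the empty default means (allow all or allow none). The `$escape` description should also note that passing `false` leaves the regex-based `sanitize_html()` as the only HTML filter.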