[^ ]+!m', '$1', $description); } /** * Remove
tag to let markdown handle it. * * @param string $description input description text. * * @return string $description without
tags. */ function reverse_nl2br($description) { return preg_replace('!
!im', '', $description); } /** * Remove HTML spaces ' ' auto generated by Shaarli core system. * * @param string $description input description text. * * @return string $description without HTML links. */ function reverse_space2nbsp($description) { return preg_replace('/(^| ) /m', '$1 ', $description); } /** * Remove dangerous HTML tags (tags, iframe, etc.). * Doesn't affect

 content (already escaped by Parsedown).
 *
 * @param string $description input description text.
 *
 * @return string given string escaped.
 */
function sanitize_html($description)
{
    $escapeTags = array(
        'script',
        'style',
        'link',
        'iframe',
        'frameset',
        'frame',
    );
    foreach ($escapeTags as $tag) {
        $description = preg_replace_callback(
            '#<\s*'. $tag .'[^>]*>(.*]*>)?#is',
            function ($match) { return escape($match[0]); },
            $description);
    }
    $description = preg_replace(
        '#(<[^>]+)on[a-z]*="[^"]*"#is',
        '$1',
        $description);
    return $description;
}

/**
 * Render shaare contents through Markdown parser.
 *   1. Remove HTML generated by Shaarli core.
 *   2. Reverse the escape function.
 *   3. Generate markdown descriptions.
 *   4. Sanitize sensible HTML tags for security.
 *   5. Wrap description in 'markdown' CSS class.
 *
 * @param string $description input description text.
 *
 * @return string HTML processed $description.
 */
function process_markdown($description)
{
    $parsedown = new Parsedown();

    $processedDescription = $description;
    $processedDescription = reverse_text2clickable($processedDescription);
    $processedDescription = reverse_nl2br($processedDescription);
    $processedDescription = reverse_space2nbsp($processedDescription);
    $processedDescription = unescape($processedDescription);
    $processedDescription = $parsedown
        ->setMarkupEscaped(false)
        ->setBreaksEnabled(true)
        ->text($processedDescription);
    $processedDescription = sanitize_html($processedDescription);

    if(!empty($processedDescription)){
        $processedDescription = ''. $processedDescription . '';
    }

    return $processedDescription;
}