Sanitize markdown output
giuscris committed Jun 15, 2024
1 parent abaa220 commit 6ddbbd3
Showing 1 changed file with 9 additions and 7 deletions.
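--- a/formwork/src/Parsers/Markdown.php
+++ b/formwork/src/Parsers/Markdown.php
@@ -4,9 +4,9 @@
 
 use Formwork\App;
 use Formwork\Parsers\Extensions\CommonMark\LinkBaseExtension;
+use Formwork\Sanitizer\HtmlSanitizer;
 use League\CommonMark\Environment\Environment;
 use League\CommonMark\Extension\CommonMark\CommonMarkCoreExtension;
-use League\CommonMark\Extension\DisallowedRawHtml\DisallowedRawHtmlExtension;
 use League\CommonMark\Extension\Table\TableExtension;
 use League\CommonMark\MarkdownConverter;
 
@@ -22,19 +22,21 @@ public static function parse(string $input, array $options = []): string
 $safeMode = App::instance()->config()->get('system.content.safeMode', true);
 
 $environment = new Environment([
-'html_input' => $safeMode ? 'escape' : 'allow',
-'allow_unsafe_links' => false,
-'max_nesting_level' => 10,
-'formwork' => $options,
+'html_input' => $safeMode ? 'escape' : 'allow',
+'max_nesting_level' => 10,
+'formwork' => $options,
 ]);
 
 $environment->addExtension(new CommonMarkCoreExtension());
 $environment->addExtension(new TableExtension());
 $environment->addExtension(new LinkBaseExtension());
-$environment->addExtension(new DisallowedRawHtmlExtension());
 
 $markdownConverter = new MarkdownConverter($environment);
 
-return $markdownConverter->convert($input);
+$html = $markdownConverter->convert($input);
+
+$htmlSanitizer = new HtmlSanitizer();
+
+return $htmlSanitizer->sanitize($html);
 }
 }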
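Review bot: The options array passed to `new Environment([...])` no longer sets `'allow_unsafe_links' => false`, and league/commonmark defaults that option to `true`, so link and image targets with script-capable schemes now pass through the converter and are stopped only if `HtmlSanitizer` filters URI schemes on `href`/`src`, which this diff does not show. I would keep `'allow_unsafe_links' => false,` in the array as a second layer next to the sanitizer, and add a regression test asserting that a Markdown link with a `javascript:` target yields no such `href` in the output of `parse()`. The sanitizer also runs whatever `$safeMode` is, so with safe mode off raw HTML is let through by the parser and then filtered anyway; a short comment such as `// Always sanitize, even when safeMode allows raw HTML input` would record that this is intended. Finally, `convert()` returns a rendered-content object rather than a string, so if `sanitize()` declares a `string` parameter under strict types it may be safer to pass `$markdownConverter->convert($input)->getContent()`. The body of `parse()` begins above the hunk.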
