Skip to content

Add support for HTML blocks.#34

Closed
marijnh wants to merge 1 commit into
evilstreak:masterfrom
marijnh:master
Closed

Add support for HTML blocks.#34
marijnh wants to merge 1 commit into
evilstreak:masterfrom
marijnh:master

Conversation

@marijnh

@marijnh marijnh commented Nov 1, 2011

Copy link
Copy Markdown

No description provided.

As per http://daringfireball.net/projects/markdown/syntax#html

The __RAW extension to jsonml is a bit ugly. Feel free to suggest a
better approach.
@bentruyman

Copy link
Copy Markdown

+1 for this. This is a blocker for us.

@rummik

rummik commented Apr 7, 2012

Copy link
Copy Markdown

I think the issue here is < and > escaping (plus a couple others) should be optional, and & should only be escaped when not part of an entity (Something similar to /&([a-z]+|#[0-9]+);/i)

At the same time, extending JsonML with something similar __RAW would be useful in some cases -- like, if you're running Markdown before passing things off to a templater.

@jchouse

jchouse commented Aug 23, 2012

Copy link
Copy Markdown

+1 fir this. Really need this feature.

@footya

footya commented Sep 21, 2012

Copy link
Copy Markdown

It is just what I need

@mattly

mattly commented Oct 22, 2012

Copy link
Copy Markdown

+1, this is a blocker for us as well.

@natevw

natevw commented Nov 10, 2012

Copy link
Copy Markdown

+a lot

I based my blog engine off of this, and now every time I want to use a real <i></i>, or add a table, or embed HTML5 video, or, or... I get tripped up because my Markdown library doesn't support all of Markdown :-(

@spacez320

Copy link
Copy Markdown

This is the first Markdown instance that I've worked with that doesn't allow inline HTML. +1

@thisandagain

Copy link
Copy Markdown

+1

@michaek

michaek commented Apr 29, 2013

Copy link
Copy Markdown

I'm sure you're aware of it, but I'd like to reiterate that Markdown is designed to support inline HTML. http://daringfireball.net/projects/markdown/syntax#html

@evilstreak

Copy link
Copy Markdown
Owner

I have no issue with supporting inline HTML. This pull request needs some tests before it's ready to be merged. It's on my list but it's several items down, so it could be a while until I get to it. If anyone else wants to contribute some tests that'd be super.

@ashb

ashb commented Apr 29, 2013

Copy link
Copy Markdown
Collaborator

Since we haven't previously supported inline HTML this change is a potentially breaking/insecure change (with this change it is possible to add malicious <script> tags that were safe before) so I think this feature also needs to be put behind a feature/option switch that is off by default.

@michaek

michaek commented Apr 29, 2013

Copy link
Copy Markdown

I think it makes sense to have inline HTML off by default. For most use cases, it's probably expected not to inline HTML.

If I get approval to do it (from my employer), I'll see about taking a look at the commit and adding some tests.

@ashb

ashb commented Apr 29, 2013

Copy link
Copy Markdown
Collaborator

Sweet.

For added fun this approach seems to cause problems with HTML in code blocks: sbstjn/node-blog#3 (comment) which will need looking at too.

If you do it on company time we are happy to have a "Some development sponsored by company.com" in the Readme etc.

@michaek

michaek commented Apr 29, 2013

Copy link
Copy Markdown

That makes sense, but it's not immediately clear to me whether HTML should always remain unescaped within code blocks. We can make that assumption, if that's what seems right, though.

Identifying HTML blocks with a regex is bound to expose some edge cases, too. After all: http://www.codinghorror.com/blog/2009/11/parsing-html-the-cthulhu-way.html

@evilstreak

Copy link
Copy Markdown
Owner

If there's doubt about how a piece of markup should be interpreted, we use Babelmark to see what the general consensus is.

In this case, code blocks take priority over HTML.

@michaek

michaek commented May 2, 2013

Copy link
Copy Markdown

I've been thinking about this. I agree that code blocks should be escaped, but I don't think anything outside code blocks should be escaped by default. Turning on global escaping may still be an option, but I have changed my position on the default.

If we're concerned about the security of escaping user strings, that seems out of scope for markdown. User strings should be handled as appropriate by the implementing application, not by this library. That seems more in keeping with the spirit of Markdown, and more consistent with other Markdown implementations.

I don't think there is any reason to try to identify HTML with a regex, so this pull request should probably be closed (and not merged).

dtao added a commit to dtao/markdown-js that referenced this pull request Jul 2, 2013
- tests for @marijnh's HTML block commit
- support self-closing HTML tags
- default to code blocks where indented
@dtao

dtao commented Jul 2, 2013

Copy link
Copy Markdown

I submitted pull request #98 with tests for this change, as @evilstreak requested.

@ghost

ghost commented Aug 29, 2013

Copy link
Copy Markdown

+1

hegemonic pushed a commit to jsdoc3/markdown-js that referenced this pull request Nov 2, 2013
- tests for @marijnh's HTML block commit
- support self-closing HTML tags
- default to code blocks where indented
hegemonic added a commit to jsdoc3/markdown-js that referenced this pull request Nov 2, 2013
@marijnh marijnh closed this Nov 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.