(Refactor) Use CommonMark for markdown parsing #4305
Conversation
|
Thank you! I'm not entirely sure about the mb_convert_encoding replacement. I found this: https://php.watch/versions/8.2/mbstring-qprint-base64-uuencode-html-entities-deprecated#html which lists some proposed replacements. However, it should be noted that markdown is currently a staff-only feature and anyone with a staff rank can already change user passwords and such so them being allowed to XSS as well isn't a huge worry. |
|
I was more thinking about not breaking existing pages created which are already using custom HTML tags. Looks like |
|
OK looks like I got it using some ugly hack but it produces the same results as the original version now. Let me know if this breaks anything for you. |
IonBazan
force-pushed
the
feature/markdown-entities
branch
from
c584019 to
bf43aa2
Compare
There was a problem hiding this comment.
I noticed your code is very similar to what they used in the yet-to-be-merged upstream code: https://www.github.com/erusev/parsedown-extra/pull/176.
So in that case, looks good!
Thank you!
|
One more thing before we merge - I added a handy https://github.com/GrahamCampbell/Laravel-Markdown wrapper for CommonMark and added tests comparing both engines capabilities. You can see that the results are pretty much the same (most failures are due to different If you think this approach is good enough, I can remove our current implementation and use CommonMark instead, after updating these failing tests. Let me know if you like this idea. Please note that CommonMark is already required by Laravel itself (it's used in email views) so the only package I'm adding is a well-maintained wrapper:
|
|
I haven't tested this yet, but in my own wiki articles, I use the feature for adding If you like, I can temporarily add you to a private repo where I store a backup of my own personal wikis if you want some real data to test on. However, I do use a very tiny amount of bbcode and sometimes html in some of them which isn't handled here. |
|
That would be very helpful - feel free to use my username or the email I used for the commits to send the invitation to the repo. Regarding BBCode, it's actually applied separately by another parser, you can check |
|
Just checked that the feature you need is already enabled thanks to Seems that the Abbreviations syntax supported by the extension I mentioned earlier is different from previously used standard. Therefore I suggest users use Since there are no massive breaking changes besides of this feature, I suggest we go with replacing the MD library and updating the tests. I can try keeping both implementations green with some conditional expectations or duplicating these tests so that we don't lose coverage. |
|
Ah, you're correct. I think the wrapper would be a good idea as well. The only downside I can see happening is that it usually takes a few weeks/months after a new laravel version is released before that package is updated. I've also sent you that invitation. Thanks again! |
IonBazan
changed the title
|
@IonBazan thanks for yet another contribution. Reviewed it code wise and looks good to me. I'll have time Friday to test locally and if all goes well merge. |
|
Thanks, I think we should be good to remove the previous engine once we confirm everything is working as expected too in the next release. |
Adds some tests to cover most of
MarkdownandMarkdownExtraservices. This should be helpful when migrating to another engine in the future.Fixes #4283 I'm not sure if using
htmlentities()is correct here though - I think it should only be used when safe mode is on (see tests).Helperscoverage looks as follows now: