Rendering Markdown/HTML

[Tim Duffy]

Hello AppRochester!

First, thank you all for having me at the meeting this week to present on Yellr!

At the moment, we write our stories using Markdown.  This can be rendered to HTML on the server.  Does anyone have any suggestions on the best practices to render Markdown or HTML (both with images) on Android ( minimum API of 15 )?

I went down the route of rendering HTML in a TextView, however I can't do images.  Using WebView sounded good, but my understanding is that it's pretty dangerous from a security stand point.

It looks like there is a solution using the Eclipse-based version of the IDE, however not with Android Studio ( ref: http://uncodin.github.io/bypass/ ).

Any assistance as to where else I should look would be awesome :).

Thanks,

-TD

--

Tim Duffy

http://timduffy.me/

(585)-210-8353

@arbiterofbits

[Tim Poulsen]

Tim,

There are a few libraries I found with a quick Google for native rendering http://uncodin.github.io/bypass/ and https://gun.io/blog/markdown-view-for-android/ that provide a possible way to do this. I haven't used them (I don't do Java-based Android development).

I wouldn't recommend rendering markdown directly in a webview on the client, though it could be done. JS libraries like https://github.com/evilstreak/markdown-js will work in the browser. You'd pass the markdown to the client to render in a WebView loading a local HTML file, which does an AJAX call to retrieve the markdown from your server. However, at least on older Android devices, this is likely to be pretty darn slow. Pre-4.3 (maybe even 4.4) the webview component was rather lame.

Likely a better alternative is to do the Markdown->HTML conversion on the server and pass just HTML to the client. I'm not sure what security concerns there would be using that technique. The Markdown -> HTML conversion is going to create a safe subset of HTML (no script tag, embeds, etc.). With an HTTPS connection, hard-coded into the app, it would be challenging for someone to launch MITM or XSS attack. You could enhance security by loading a local HTML file, which loads local stylesheets. Big advantage is that the server could cache generated markdown and the conversion process is on your big server rather than little client.

Tim

 

--
You received this message because you are subscribed to the Google Groups "AppRochester" group.
To unsubscribe from this group and stop receiving emails from it, send an email to approchester...@googlegroups.com.
To post to this group, send email to approc...@googlegroups.com.
Visit this group at http://groups.google.com/group/approchester.
For more options, visit https://groups.google.com/d/optout.

[Tim Duffy]

Thanks Tim,  I'll take a look at those libraries and see if I can get them working with Android Studio.

As for the Markdown pre-rendering, we're already doing that actually.   We render the Markdown to HTML on the server,  as well as pass the Markdown to the client.

I agree that wrapping the HTML with a static template hard-coded on the app may make the most sense.

Thanks for taking the time to write that up!

-TD

--
Tim Duffy
http://timduffy.me/

585-210-8353
@arbiterofbits