Skip to first unread message
Kevin
Oct 27, 2018, 2:08:39 PM10/27/18
to Fat-Free Framework
I'm not sure if this is a bug exactly, but I noticed some funky behavior with the markdown converter. If you convert to markdown in the template directly like:
and then display it with:
This fixes the ">" from displaying, but also allows any other HTML that's part of the string from displaying as raw HTML. Can you think of a way to escape HTML from a markdown string but still allow blockquotes which have the unfortunate coincidence of using an HTML special character?
{{ \Markdown::instance()->convert(@page.content) | raw }}
This converts your string to markdown content and allows the subsequent html to display with the raw filter as expected.
Since @page.content is a template variable, it escapes HTML so in this case (which I find desirable) it prevents HTML someone may have purposefully entered as part of the markdown string in an editor (I'm using simplemde). However because the markdown spec uses ">" for blockquotes, this also gets escaped and instead of converting to a block quote displays the actual ">" on the page.
You can fix this by converting the markdown in your php code ahead of time like:
$f3->set('md_content', \Markdown::instance()->convert($item->content));
and then display it with:
{{ @md_content | raw }}This fixes the ">" from displaying, but also allows any other HTML that's part of the string from displaying as raw HTML. Can you think of a way to escape HTML from a markdown string but still allow blockquotes which have the unfortunate coincidence of using an HTML special character?
ikkez
Oct 27, 2018, 5:39:31 PM10/27/18
to Fat-Free Framework
That's probably not completely solveable with autoescaping enabled by default. you can care about proper encoding yourself by turning off the auto-escaping with ESCAPE=FALSE,
Another method, which we also used on the F3 website itself for all the docs, is to embed the markdown text with a custom html <markdown> tag that'll take care about the conversion and skips the autoencoding made by the template sandbox, see.
xfra35
Oct 28, 2018, 6:05:02 AM10/28/18
to Fat-Free Framework
In your first code sample, I believe you should decode only the @page.content:
{{ \Markdown::instance()->convert(\Base::instance()->decode(@page.content)) }}Or if you create a filter for the markdown conversion, using Template::instance()->filter('md','Markdown->convert'):
{{ @page.content | raw, md }}
In your second code sample {{ @md_content | raw }}, I don't see what's wrong. It should work properly.
I have tried both techniques with the following markdown content without any problem:
#Hi
This is a test of markdown
```
<strong>this is HTML code</strong>
```
> This is a quote
<p>This is <em>raw</em> HTML</p>
Reply all
Reply to author
Forward
0 new messages