🔧 ExpensiMark: Markdown image shorthand syntax

[kidroca]

This PR introduces refinements in the ExpensiMark library to enhance the handling of markdown syntax for images, including the introduction of shorthand syntax for images without alt text, and refines the cleanup of HTML attributes

Fixed Issues

$ Expensify/App#38952

Tests

1. Unit tests have been updated in __tests__/ExpensiMark-HTML-test.js and __tests__/ExpensiMark-Markdown-test.js to cover the new markdown shorthand for images without alt text, the handling of images with empty and special characters in alt text, and the refinement in HTML attribute cleanup. These tests validate the parsing of markdown to HTML and vice versa, ensuring that the changes behave as expected.
2. Manual tests were conducted to verify that the new markdown shorthand for images is correctly converted to HTML, that images with and without alt text are handled properly, and that no XSS vulnerabilities are introduced through the alt text or any other HTML attributes. The tests also confirmed that existing functionality for other markdown elements remains unaffected.

QA

1. QA needs to validate that images using the new shorthand markdown syntax are correctly rendered in the app. This includes testing with various image URLs, with and without alt text, and ensuring that images embedded within text blocks are displayed correctly.
2. It's crucial to test for regressions in the rendering of markdown content, particularly other markdown elements like links, bold/italic text, and code blocks. Ensuring that the sanitization of HTML attributes does not inadvertently affect the rendering of other elements or introduce any rendering issues is also important.

[kidroca]

With the introduction of attributeCleanup rule - this logic is no longer needed

[kidroca]

MARKDOWN_LINK's string was directly moved into the MARDOWN_LINK_REGEX constructor as it's no longer reusable

MARKDOWN_IMAGE_REGEX was updated and although is similar to MARKDOWN_LINK the [alt text] part was made optional

[chiragsalian]

Code LGTM, i just have 2 questions for you. If nothing needs to be modified I'll merge once answered.

[robertKozik]

Hi! @kidroca
Can you check the case when label is a code block and shouldKeepRawInput is set to true? Seems wrong to me

    test.only('No html inside the alt attribute - pre tag', () => {
        const testString = '![```code```](https://example.com/image.png)';
        const resultString = '<img src="https://example.com/image.png" alt="&#x60;&#x60;&#x60;code&#x60;&#x60;&#x60;" data-raw-href="https://example.com/image.png" data-link-variant="labeled" />';
        expect(parser.replace(testString, {shouldKeepRawInput: true})).toBe(resultString);
    });

[kidroca]

@robertKozik, @chiragsalian, I have updated the pull request with a revised approach to handling HTML attributes. The original method aimed to clean up HTML within attributes but proved unreliable because distinguishing embedded HTML from the attribute content was challenging. Consider the example:

<img src="https://example.com/image.png" alt="<pre data-code-raw="code">code</pre>" data-raw-href="https://example.com/image.png" data-link-variant="labeled" /> />

In this case, the alt attribute includes additional quotes that complicate detecting the attribute's end due to the embedded HTML. To address this, I've modified the Regex patterns for the italic, bold, and strike rules to prevent matches within HTML attributes. Additionally, I have added tests to cover these scenarios (thanks to @robertKozik for the suggestion), and all existing tests for these rules continue to pass.

As the scope and focus of the PR have shifted, I kindly request a re-review. I have made an effort to limit the extent of changes for easier review.

[kidroca]

@robertKozik, regarding:

include #676 PR as patch package

While using a patch package might seem convenient, I've updated the PR, which necessitates creating the patch again.

Initially, my suggestion to use the commit hash from my fork was intended as a temporary measure for testing purposes in your PR. This approach would enable us to validate the integration, merge the changes into expensify-common, and then revert to the original package source.
(Here's the hash if you've reconsidered: "expensify-common": "git+ssh://git@github.com/kidroca/expensify-common.git#7a7c075bff9a07eb280fc720bec65b6d2acab161")

Alternatively, if it’s more feasible, I can open a new PR in NewDot using a previous version of live-markdown. Let me know if you prefer this method, and I can set it up later.

[robertKozik]

One minor thing, sorry for bother @kidroca .
If user types !(link) data-link-variant should be set to "auto" rather than "labeled" indicating that it's typed using shorthand syntax

This is needed to distinguish between ![](link) and !(link)

[robertKozik]

Actually I'm still prefering patching the repo with your changes, rather than pointing to the forked repository.
I'll merge it and open the Expensify PR which will unblock you. We will get rid of the patch simply in the next library version.

I've added one more comment - do you think it's solvable? @kidroca

[kidroca]

I've added one more comment - do you think it's solvable? @kidroca

Thanks, I'll post an update in a minute

[robertKozik]

I've came up with something like that:
data-link-variant="${typeof(g1) === 'string' ? 'labeled': 'auto'}"

[kidroca]

Updated

[robertKozik]

@kidroca This PR will unblock you

[robertKozik]

@kidroca react-native-live-markdown bump is merged to main. You should be unblocked now ⛓️ 💥

[robertKozik]

Pls merge main, bold -> <strong/> seems to go under the radar in HTML attributes

[kidroca]

Added this test to ensure the merge conflict was resolved correctly
The test is related to code added in: #681

[kidroca]

Merged main there was a conflict related to bold handling, but it's resolved