Merge pull request #223 from hydephp/196-add-easy-config-option-to-enable-html-in-markdown-config

Add easy config option to enable HTML in Markdown config

Author: caendesilva

config/markdown.php

@@ -50,6 +50,20 @@
         //
     ],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Allow all HTML tags
+    |--------------------------------------------------------------------------
+    |
+    | HydePHP uses the GitHub Flavored Markdown extension to convert Markdown.
+    | This, by default strips out some HTML tags. If you want to allow all
+    | arbitrary HTML tags, and understand the risks involved, you can
+    | use this config setting to enable all HTML tags.
+    |
+    */
+
+    'allow_html' => false,
+
     /*
     |--------------------------------------------------------------------------
     | Blade-supported Markdown

docs/advanced-markdown.md

@@ -8,8 +8,19 @@ category: "Digging Deeper"
 
 ## Introduction
 
-Since HydePHP makes heavy use of Markdown there are some extra features and helpers
-created just for Hyde to make using Markdown even easier!
+Since HydePHP makes heavy use of Markdown there are some extra features and helpers created just for Hyde to make using Markdown even easier!
+
+## Raw HTML Tags
+
+HydePHP uses the GitHub Flavored Markdown extension to convert Markdown. This, by default strips out some HTML tags. If you want to allow all arbitrary HTML tags, and understand the risks involved, enable all HTML tags by setting the following option to true in your `config/markdown.php` file.
+
+```php
+// filepath: config/markdown.php
+// torchlight! {"lineNumbers": false}
+'allow_html' => true,
+```
+
+This, will behind the scenes add the bundled `DisallowedRawHtml` extension, and configure it so that no HTML tags are stripped out.
 
 ## Blade Support
 

packages/framework/src/Services/MarkdownConverterService.php

@@ -8,6 +8,7 @@
 use Hyde\Framework\Services\Markdown\CodeblockFilepathProcessor;
 use Hyde\Framework\Services\Markdown\ShortcodeProcessor;
 use League\CommonMark\CommonMarkConverter;
+use League\CommonMark\Extension\DisallowedRawHtml\DisallowedRawHtmlExtension;
 use League\CommonMark\Extension\HeadingPermalink\HeadingPermalinkExtension;
 use Torchlight\Commonmark\V2\TorchlightExtension;
 
@@ -85,6 +86,16 @@ protected function setupConverter(): void
             $this->addExtension(TorchlightExtension::class);
         }
 
+        if (config('markdown.allow_html', false)) {
+            $this->addExtension(DisallowedRawHtmlExtension::class);
+
+            $this->config = array_merge([
+                'disallowed_raw_html' => [
+                    'disallowed_tags' => [],
+                ],
+            ], $this->config);
+        }
+
         // Add any custom extensions defined in config
         foreach (config('markdown.extensions', []) as $extensionClassName) {
             $this->addExtension($extensionClassName);

packages/framework/tests/Feature/MarkdownConverterServiceTest.php

@@ -77,4 +77,23 @@ public function test_bladedown_can_be_enabled()
         $service->addFeature('bladedown')->parse();
         $this->assertEquals("Hello World!\n", $service->parse());
     }
+
+    // test raw html tags are stripped by default
+    public function test_raw_html_tags_are_stripped_by_default()
+    {
+        $markdown = '<p>foo</p><style>bar</style><script>hat</script>';
+        $service = new MarkdownConverterService($markdown);
+        $html = $service->parse();
+        $this->assertEquals("<p>foo</p>&lt;style>bar&lt;/style>&lt;script>hat&lt;/script>\n", $html);
+    }
+
+    // test raw html tags are not stripped when explicitly enabled
+    public function test_raw_html_tags_are_not_stripped_when_explicitly_enabled()
+    {
+        config(['markdown.allow_html' =>true]);
+        $markdown = '<p>foo</p><style>bar</style><script>hat</script>';
+        $service = new MarkdownConverterService($markdown);
+        $html = $service->parse();
+        $this->assertEquals("<p>foo</p><style>bar</style><script>hat</script>\n", $html);
+    }
 }