Merge pull request #223 from hydephp/196-add-easy-config-option-to-enable-html-in-markdown-config

github-actions · github-actions · commit c64a5d2b3134 · 2022-07-14T19:32:40.000Z
Add easy config option to enable HTML in Markdown config hydephp/develop@e7b7ff0
diff --git a/src/Services/MarkdownConverterService.php b/src/Services/MarkdownConverterService.php
@@ -8,6 +8,7 @@
 use Hyde\Framework\Services\Markdown\CodeblockFilepathProcessor;
 use Hyde\Framework\Services\Markdown\ShortcodeProcessor;
 use League\CommonMark\CommonMarkConverter;
+use League\CommonMark\Extension\DisallowedRawHtml\DisallowedRawHtmlExtension;
 use League\CommonMark\Extension\HeadingPermalink\HeadingPermalinkExtension;
 use Torchlight\Commonmark\V2\TorchlightExtension;
 
@@ -85,6 +86,16 @@ protected function setupConverter(): void
             $this->addExtension(TorchlightExtension::class);
         }
 
+        if (config('markdown.allow_html', false)) {
+            $this->addExtension(DisallowedRawHtmlExtension::class);
+
+            $this->config = array_merge([
+                'disallowed_raw_html' => [
+                    'disallowed_tags' => [],
+                ],
+            ], $this->config);
+        }
+
         // Add any custom extensions defined in config
         foreach (config('markdown.extensions', []) as $extensionClassName) {
             $this->addExtension($extensionClassName);
diff --git a/tests/Feature/MarkdownConverterServiceTest.php b/tests/Feature/MarkdownConverterServiceTest.php
@@ -77,4 +77,23 @@ public function test_bladedown_can_be_enabled()
         $service->addFeature('bladedown')->parse();
         $this->assertEquals("Hello World!\n", $service->parse());
     }
+
+    // test raw html tags are stripped by default
+    public function test_raw_html_tags_are_stripped_by_default()
+    {
+        $markdown = '<p>foo</p><style>bar</style><script>hat</script>';
+        $service = new MarkdownConverterService($markdown);
+        $html = $service->parse();
+        $this->assertEquals("<p>foo</p>&lt;style>bar&lt;/style>&lt;script>hat&lt;/script>\n", $html);
+    }
+
+    // test raw html tags are not stripped when explicitly enabled
+    public function test_raw_html_tags_are_not_stripped_when_explicitly_enabled()
+    {
+        config(['markdown.allow_html' =>true]);
+        $markdown = '<p>foo</p><style>bar</style><script>hat</script>';
+        $service = new MarkdownConverterService($markdown);
+        $html = $service->parse();
+        $this->assertEquals("<p>foo</p><style>bar</style><script>hat</script>\n", $html);
+    }
 }
