Skip to content

Commit

Permalink
Change the Markdown parser
Browse files Browse the repository at this point in the history
Potential security issues have been reported to the marked, but there
is no plan to still be fixed. Because YUIDoc is a one of the development
tool, I have thought unlikely to be affected by the problem. However,
marked is no longer actively maintained, and I'd like to choice a parser
that are more maintenance.

Since YUIDoc only have utilized simply marked as a simple Markdown parser,
change can often be reduced.
  • Loading branch information
okuryu committed Mar 3, 2015
1 parent 9801f49 commit d63a0df
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 10 deletions.
4 changes: 2 additions & 2 deletions docs/args/index.mustache
Original file line number Diff line number Diff line change
Expand Up @@ -261,8 +261,8 @@ See below for <a href="#ex-yui3">more</a> <a href="#ex-yuidoc">examples</a>.
<tr>
<td>`markdown`</td>
<td>
Options to pass to Marked, the Markdown compiler used to compile API descriptions.
See the <a href="https://github.com/chjj/marked#options">Marked readme</a> for details.
Options to pass to markdown-it, the Markdown compiler used to compile API descriptions.
See the <a href="https://markdown-it.github.io/markdown-it/#MarkdownIt.new">markdown-it API</a> for details.
</td>
</tr>
</table>
Expand Down
13 changes: 6 additions & 7 deletions lib/builder.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
* Code licensed under the BSD License:
* https://github.com/yui/yuidoc/blob/master/LICENSE
*/
var marked = require('marked'),
var MarkdownIt = require('markdown-it'),
fs = require('graceful-fs'),
noop = function () {},
path = require('path'),
Expand Down Expand Up @@ -138,16 +138,16 @@ YUI.add('doc-builder', function (Y) {
* Wrapper around the Markdown parser so it can be normalized or even side stepped
* @method markdown
* @private
* @param {String} md The Markdown string to parse
* @param {String} data The Markdown string to parse
* @return {HTML} The rendered HTML
*/
markdown: function (md) {
var html = marked(md, this.options.markdown);
markdown: function (data) {
var md = new MarkdownIt(this.options.markdown);
var html = md.render(data);
//Only reprocess if helpers were asked for
if (this.options.helpers || (html.indexOf('{{#crossLink') > -1)) {
//console.log('MD: ', html);
try {
// marked auto-escapes quotation marks (and unfortunately
// markdown-it auto-escapes quotation marks (and unfortunately
// does not expose the escaping function)
html = html.replace(/&quot;/g, "\"");
html = (Y.Handlebars.compile(html))({});
Expand All @@ -156,7 +156,6 @@ YUI.add('doc-builder', function (Y) {
html = html.replace(/\\{/g, '{').replace(/\\}/g, '}');
Y.log('Failed to parse Handlebars, probably an unknown helper, skipping..', 'warn', 'builder');
}
//console.log('HB: ', html);
}
return html;
},
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@
"dependencies": {
"express": "^4.10.1",
"graceful-fs": "2.x",
"marked": "^0.3.3",
"markdown-it": "^3.0.7",
"minimatch": "^2.0.1",
"rimraf": "2.x",
"yui": "^3.18.1"
Expand Down

0 comments on commit d63a0df

Please sign in to comment.