From 72be232395e2075d09e568c51806e55ca1f0b042 Mon Sep 17 00:00:00 2001 From: jecsham Date: Thu, 12 Sep 2019 20:48:21 -0500 Subject: [PATCH 1/9] dev-feature: added example directory with default demo --- example/index.html | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 example/index.html diff --git a/example/index.html b/example/index.html new file mode 100644 index 0000000..d4ddd1e --- /dev/null +++ b/example/index.html @@ -0,0 +1,20 @@ + + + + + + + + Example / Preview + + + + + + + + + + \ No newline at end of file From 9d2665b895514d9c8463b342b854f99c0f746c6c Mon Sep 17 00:00:00 2001 From: adamb70 Date: Tue, 4 Feb 2020 13:23:20 +0000 Subject: [PATCH 2/9] Allow custom sanitize function Update README.md --- README.md | 5 +++++ src/js/easymde.js | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/README.md b/README.md index b68caba..01a1ef5 100644 --- a/README.md +++ b/README.md @@ -178,6 +178,7 @@ easyMDE.value('New input for **EasyMDE**'); - **hljs**: An injectible instance of [highlight.js](https://github.com/isagalaev/highlight.js). If you don't want to rely on the global namespace (`window.hljs`), you can provide an instance here. Defaults to `undefined`. - **markedOptions**: Set the internal Markdown renderer's [options](https://marked.js.org/#/USING_ADVANCED.md#options). Other `renderingConfig` options will take precedence. - **singleLineBreaks**: If set to `false`, disable parsing GFM single line breaks. Defaults to `true`. + - **sanitizerFunction**: Custom function for sanitizing the HTML output of markdown renderer. - **shortcuts**: Keyboard shortcuts associated with this instance. Defaults to the [array of shortcuts](#keyboard-shortcuts). - **showIcons**: An array of icon names to show. Can be used to show specific icons hidden by default without completely customizing the toolbar. - **spellChecker**: If set to `false`, disable the spell checker. Defaults to `true`. 
@@ -251,6 +252,10 @@ var editor = new EasyMDE({ renderingConfig: { singleLineBreaks: false, codeSyntaxHighlighting: true, + sanitizerFunction: function(renderedHTML) { + // Using DOMPurify and only allowing tags + return DOMPurify.sanitize(renderedHTML, {ALLOWED_TAGS: ['b']}) + }, }, shortcuts: { drawTable: "Cmd-Alt-T" diff --git a/src/js/easymde.js b/src/js/easymde.js index 4e0a2f6..78aa594 100644 --- a/src/js/easymde.js +++ b/src/js/easymde.js @@ -1762,6 +1762,11 @@ EasyMDE.prototype.markdown = function (text) { // Convert the markdown to HTML var htmlText = marked(text); + + // Sanitize HTML + if (this.options.renderingConfig && typeof this.options.renderingConfig.sanitizerFunction === 'function') { + htmlText = this.options.renderingConfig.sanitizerFunction(htmlText); + } // Edit the HTML anchors to add 'target="_blank"' by default. htmlText = addAnchorTargetBlank(htmlText); From c83c593d58dcf7c435b4567071b8dda3444eeb11 Mon Sep 17 00:00:00 2001 From: adamb70 Date: Tue, 4 Feb 2020 18:21:54 +0000 Subject: [PATCH 3/9] Use .call() on the sanitize function --- src/js/easymde.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/js/easymde.js b/src/js/easymde.js index 78aa594..5e4d8ce 100644 --- a/src/js/easymde.js +++ b/src/js/easymde.js @@ -1765,7 +1765,7 @@ EasyMDE.prototype.markdown = function (text) { // Sanitize HTML if (this.options.renderingConfig && typeof this.options.renderingConfig.sanitizerFunction === 'function') { - htmlText = this.options.renderingConfig.sanitizerFunction(htmlText); + htmlText = this.options.renderingConfig.sanitizerFunction.call(this, htmlText); } // Edit the HTML anchors to add 'target="_blank"' by default. From d0bc3b7e85463a229e31a2fc29cc0cfb90364fb4 Mon Sep 17 00:00:00 2001 From: Craig Teegarden Date: Wed, 5 Feb 2020 15:34:22 -0500 Subject: [PATCH 4/9] fix link in changelog --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
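Review bot: The sanitizer block added to `EasyMDE.prototype.markdown` runs before `addAnchorTargetBlank(htmlText)`, so the string the integrator's sanitizer approved is edited again before it reaches the preview. Any string-level rewrite after sanitizing sits outside the sanitizer's guarantee, because the final markup is no longer exactly what it returned. I would move the block so that it is the last transformation before the function returns. Failing that, keep the order and record the constraint next to it: `// NOTE: the post-processing below edits already-sanitized HTML; keep it limited to fixed, input-independent attributes.` The function body continues past this hunk, so later post-processing steps are not visible here, and the one-line change in PATCH 3/9 leaves this ordering as is.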
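Review bot: The guard around the `.call(this, htmlText)` line fails open: if `renderingConfig.sanitizerFunction` is set to a value that is not a function, the branch is skipped and the preview renders the raw `marked` output without any signal to the integrator. A configured but unusable sanitizer should be an error rather than a silent skip, e.g. `else if (this.options.renderingConfig && this.options.renderingConfig.sanitizerFunction != null) { throw new TypeError('renderingConfig.sanitizerFunction must be a function'); }`. The return value is also assigned unchecked, so a sanitizer that returns a non-string passes that value on to `addAnchorTargetBlank`; a `typeof htmlText !== 'string'` check right after the call would catch it. The enclosing function starts and ends outside the hunk.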
diff --git a/CHANGELOG.md b/CHANGELOG.md index 8bad0b0..eeb9a78 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -146,7 +146,7 @@ Project forked from [SimpleMDE](https://github.com/sparksuite/simplemde-markdown [#9]: https://github.com/Ionaru/easy-markdown-editor/issues/9 -[#143]: https://github.com/Ionaru/easy-markdown-editor/pull/132 +[#143]: https://github.com/Ionaru/easy-markdown-editor/pull/143 [#139]: https://github.com/Ionaru/easy-markdown-editor/pull/139 [#132]: https://github.com/Ionaru/easy-markdown-editor/pull/132 [#123]: https://github.com/Ionaru/easy-markdown-editor/pull/123 From f8434d7a4bf2acbc915d249bb9a5285dc62ecc9f Mon Sep 17 00:00:00 2001 From: adamb70 Date: Thu, 6 Feb 2020 12:36:30 +0000 Subject: [PATCH 5/9] Update CHANGELOG.md --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index eeb9a78..dd70263 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] ### Added - `inputStyle` and `nativeSpellcheck` options to manage the native language of the browser (Thanks to [@firm1], [#143]). +- `sanitizerFunction` option to allow custom HTML sanitizing in the markdown preview (Thanks to [@adamb70], [#147]). ### Changed - Delay before assuming that submit of the form as failed is `autosave.submit_delay` instead of `autosave.delay` (Thanks to [@Situphen], [#139]). From 2a1209da26c727a92c98e1458411634c1689a933 Mon Sep 17 00:00:00 2001 From: Jeroen Akkerman Date: Tue, 18 Feb 2020 00:29:56 +0100 Subject: [PATCH 6/9] Update dependencies --- package-lock.json | 18 +++++++++--------- package.json | 6 +++--- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index c135596..7914dd3 100644 --- a/package-lock.json +++ b/package-lock.json 
@@ -25,9 +25,9 @@ } }, "@types/codemirror": { - "version": "0.0.82", - "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-0.0.82.tgz", - "integrity": "sha512-EVlPrt1rB256CRTlhNCXXLYaN24n3qZNStM6dRWaV6sUYyJA1SC5hvDSCHEHDg1SB93X8TwAGWRjEVdmUWPHmQ==", + "version": "0.0.85", + "resolved": "https://registry.npmjs.org/@types/codemirror/-/codemirror-0.0.85.tgz", + "integrity": "sha512-ZAVyNzXAHu/mkvvZlq2IYPBjm4X3mEno27epXpBRXwWbX75zAAeGZfubXxft1kWNqBSI2f50kvuJTG+fRwHaNg==", "dev": true, "requires": { "@types/tern": "*" @@ -1035,9 +1035,9 @@ "dev": true }, "codemirror": { - "version": "5.50.2", - "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.50.2.tgz", - "integrity": "sha512-PPjUsC1oXSM86lunKrw609P1oM0Wu8z9rqzjbeyBYCcx44VL41aUpccdOf1PfAZtTONlmN3sT3p2etLNYa1OGg==" + "version": "5.51.0", + "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.51.0.tgz", + "integrity": "sha512-vyuYYRv3eXL0SCuZA4spRFlKNzQAewHcipRQCOKgRy7VNAvZxTKzbItdbCl4S5AgPZ5g3WkHp+ibWQwv9TLG7Q==" }, "codemirror-spell-checker": { "version": "1.1.2", @@ -5907,9 +5907,9 @@ "dev": true }, "typescript": { - "version": "3.7.4", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.7.4.tgz", - "integrity": "sha512-A25xv5XCtarLwXpcDNZzCGvW2D1S3/bACratYBx2sax8PefsFhlYmkQicKHvpYflFS8if4zne5zT5kpJ7pzuvw==", + "version": "3.7.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-3.7.5.tgz", + "integrity": "sha512-/P5lkRXkWHNAbcJIiHPfRoKqyd7bsyCma1hZNUGfn20qm64T6ZBlrzprymeu918H+mB/0rIg2gGK/BXkhhYgBw==", "dev": true }, "typo-js": { diff --git a/package.json b/package.json index 03a9a95..9884d1e 100644 --- a/package.json +++ b/package.json 
@@ -19,12 +19,12 @@ "license": "MIT", "author": "Jeroen Akkerman", "dependencies": { - "codemirror": "^5.50.2", + "codemirror": "^5.51.0", "codemirror-spell-checker": "1.1.2", "marked": "^0.8.0" }, "devDependencies": { - "@types/codemirror": "0.0.82", + "@types/codemirror": "0.0.85", "@types/marked": "^0.7.2", "browserify": "^16.5.0", "gulp": "^4.0.2", @@ -35,7 +35,7 @@ "gulp-rename": "^2.0.0", "gulp-terser": "^1.2.0", "gulp-uglify": "^3.0.2", - "typescript": "^3.7.4", + "typescript": "^3.7.5", "vinyl-buffer": "^1.0.0", "vinyl-source-stream": "^2.0.0" }, From 23a06e46a30dd0df61f3cc7ab3aa1ad230e7d79d Mon Sep 17 00:00:00 2001 From: A-312 Date: Thu, 6 Feb 2020 20:56:07 +0100 Subject: [PATCH 7/9] Add `watch` command (instead build after each change) --- CHANGELOG.md | 2 +- gulpfile.js | 20 ++++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eeb9a78..e4c7f49 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - `inputStyle` and `nativeSpellcheck` options to manage the native language of the browser (Thanks to [@firm1], [#143]). ### Changed - Delay before assuming that submit of the form as failed is `autosave.submit_delay` instead of `autosave.delay` (Thanks to [@Situphen], [#139]). - +- Add `watch` task for gulp. ## [2.9.0] - 2020-01-13 ### Added diff --git a/gulpfile.js b/gulpfile.js index 6f3faea..5f9fcf1 100644 --- a/gulpfile.js +++ b/gulpfile.js @@ -20,6 +20,13 @@ var banner = ['/**', ' */', ''].join('\n'); + +var css_files = [ + './node_modules/codemirror/lib/codemirror.css', + './src/css/*.css', + './node_modules/codemirror-spell-checker/src/css/spell-checker.css', +]; + function lint() { return gulp.src('./src/js/**/*.js') .pipe(eslint()) 
@@ -37,12 +44,6 @@ function scripts() { } function styles() { - var css_files = [ - './node_modules/codemirror/lib/codemirror.css', - './src/css/*.css', - './node_modules/codemirror-spell-checker/src/css/spell-checker.css', - ]; - return gulp.src(css_files) .pipe(concat('easymde.css')) .pipe(cleanCSS()) @@ -52,7 +53,14 @@ function styles() { .pipe(gulp.dest('./dist/')); } +// Watch for file changes +function watch() { + gulp.watch('./src/js/easymde.js', scripts) + gulp.watch(css_files, styles) +} + var build = gulp.parallel(gulp.series(lint, scripts), styles); gulp.task('default', build); +gulp.task('watch', gulp.series(build, watch)); gulp.task('lint', lint); From 67ba044b5c7810aedfc381636f13605d186a3a54 Mon Sep 17 00:00:00 2001 From: A-312 Date: Thu, 5 Mar 2020 18:34:24 +0100 Subject: [PATCH 8/9] Watch all js files --- gulpfile.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gulpfile.js b/gulpfile.js index 5f9fcf1..60acdab 100644 --- a/gulpfile.js +++ b/gulpfile.js @@ -55,7 +55,7 @@ function styles() { // Watch for file changes function watch() { - gulp.watch('./src/js/easymde.js', scripts) + gulp.watch('./src/js/**/*.js', scripts) gulp.watch(css_files, styles) } From fc81bd476cc47cf06e107f37a6d2cb9be7cd1533 Mon Sep 17 00:00:00 2001 From: Jeroen Akkerman Date: Fri, 6 Mar 2020 00:43:08 +0100 Subject: [PATCH 9/9] Add sanitizerFunction to typings --- types/easymde.d.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/types/easymde.d.ts b/types/easymde.d.ts index 8fef851..9391416 100644 --- a/types/easymde.d.ts +++ b/types/easymde.d.ts @@ -58,6 +58,7 @@ declare namespace EasyMDE { codeSyntaxHighlighting?: boolean; hljs?: any; markedOptions?: marked.MarkedOptions; + sanitizerFunction?: (html: string) => string; singleLineBreaks?: boolean; }
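Review bot: The new `watch()` rebuilds with `scripts` alone, while `build` runs `gulp.series(lint, scripts)`, so edits made under `gulp watch` are bundled without going through ESLint. `gulp.watch('./src/js/easymde.js', gulp.series(lint, scripts));` would keep the two paths equivalent, and the same applies to the glob form of this line in PATCH 8/9. The two `gulp.watch(...)` statements also lack the trailing semicolons used by the surrounding statements in this file.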
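Review bot: The new `sanitizerFunction` member has no doc comment, although among the members visible in this hunk it is the one that decides whether preview HTML is sanitized. I would add `/** Sanitizes the HTML produced by the markdown renderer for the preview. When omitted, the rendered HTML is used unsanitized. */` above it. PATCH 3/9 calls it with `.call(this, htmlText)`, so the comment should also mention that the function is invoked with the editor instance as `this`. The enclosing interface starts outside the hunk.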