From 22f1c1afaed8ccff7cc2efe0a039fd0f343dfa7c Mon Sep 17 00:00:00 2001
From: wisetwo
Date: Thu, 22 Sep 2016 11:42:41 +0800
Subject: [PATCH 1/3] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 03793c9..3b5439c 100644
--- a/README.md
+++ b/README.md
@@ -328,4 +328,4 @@ simplemde.clearAutosavedValue(); // no returned value
 ## How it works
 SimpleMDE began as an improvement of [lepture's Editor project](https://github.com/lepture/editor), but has now taken on an identity of its own. It is bundled with [CodeMirror](https://github.com/codemirror/codemirror) and depends on [Font Awesome](http://fontawesome.io).
-CodeMirror is the backbone of the project and parses much of the Markdown syntax as it's being written. This allows us to add styles to the Markdown that's being written. Additionally, a toolbar and status bar have been added to the top and bottom, respectively. Previews are rendered by [Marked](https://github.com/chjj/marked) using GFM.
+CodeMirror is the backbone of the project and parses much of the Markdown syntax as it's being written. This allows us to add styles to the Markdown that's being written. Additionally, a toolbar and status bar have been added to the top and bottom, respectively. Previews are rendered by [Remarkable](https://github.com/jonschlinkert/remarkable) using GFM, but with HTML disabled to prevent xss content, which is different from [marked](https://github.com/chjj/marked).
From fd450111585d7a6945a6696396f08a48accb83c0 Mon Sep 17 00:00:00 2001
From: wisetwo
Date: Thu, 22 Sep 2016 11:43:46 +0800
Subject: [PATCH 2/3] Update package.json
---
 package.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 2c3954b..3606908 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,8 @@
 "dependencies": {
 "codemirror": "*",
 "codemirror-spell-checker": "*",
- "marked": "*"
+ "marked": "*",
+ "remarkable": "^1.6.2"
 },
 "devDependencies": {
 "browserify": "*",
From a23fd3b40afc6a2fd607b7a67aecae8411a89a39 Mon Sep 17 00:00:00 2001
From: wisetwo
Date: Thu, 22 Sep 2016 11:46:32 +0800
Subject: [PATCH 3/3] use remarkble to prevent xss effect in preview
---
 src/js/simplemde.js | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/src/js/simplemde.js b/src/js/simplemde.js
index 016d693..c6b98ca 100644
--- a/src/js/simplemde.js
+++ b/src/js/simplemde.js
@@ -11,7 +11,8 @@ require("codemirror/addon/selection/mark-selection.js");
 require("codemirror/mode/gfm/gfm.js");
 require("codemirror/mode/xml/xml.js");
 var CodeMirrorSpellChecker = require("codemirror-spell-checker");
-var marked = require("marked");
+//var marked = require("marked");
+var Remarkable = require("remarkable");
 // Some variables
@@ -1390,7 +1391,7 @@ function SimpleMDE(options) {
 * Default markdown render.
 */
 SimpleMDE.prototype.markdown = function(text) {
- if(marked) {
+ /*if(marked) {
 // Initialize
 var markedOptions = {};
@@ -1415,7 +1416,30 @@ SimpleMDE.prototype.markdown = function(text) {
 // Return
 return marked(text);
- }
+ }*/
+ if(Remarkable) {
+ var md = new Remarkable({
+ html: false,
+ xhtmlOut: true,
+ breaks: false,
+ highlight: function(str, lang) {
+ if(typeof window.hljs != undefined && lang && window.hljs.getLanguage(lang)) {
+ try {
+ return window.hljs.highlight(lang, str).value;
+ } catch(err) {
+ //continue
+ }
+ }
+ try {
+ return window.hljs.highlightAuto(str).value;
+ } catch(err) {
+ //continue
+ }
+ return;
+ }
+ });
+ return md.render(text);
+ }
 };
 /**
@@ -2025,4 +2049,4 @@ SimpleMDE.prototype.toTextArea = function() {
 }
 };
-module.exports = SimpleMDE;
\ No newline at end of file
+module.exports = SimpleMDE;
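Review bot: In the `package.json` hunk, `"marked": "*"` stays in `dependencies` even though patch 3/3 comments out the only `require("marked")` visible in `src/js/simplemde.js`. If nothing else in the project still loads it, drop the entry so an unused Markdown parser at an unbounded `*` range is no longer installed and bundled with the editor. The new `"remarkable": "^1.6.2"` entry is range-bounded, which is the better pattern. Because the preview's protection against injected HTML now rests on that library, consider recording the resolved version in a shrinkwrap or lockfile so a later release inside the range cannot change escaping behaviour unnoticed.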
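Review bot: The old renderer is left behind as commented-out code: `//var marked = require("marked");` in the hunk at line 11, and the `/*if(marked) {` … `}*/` wrapper opened in the hunk at line 1390 and closed in the hunk at line 1415. Delete these lines instead, since version control already keeps the previous implementation. The lines between those two hunks are not shown, and a block comment wrapped around code ends at the first `*/` inside it, so the wrapper is also fragile. If the marked path is meant to remain selectable, expose it as a documented option rather than dead text.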
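Review bot: In the `highlight` callback added by the hunk at line 1415, `typeof window.hljs != undefined` is always true, because `typeof` yields a string and never the value `undefined`. When highlight.js is not loaded and a fence names a language, `window.hljs.getLanguage(lang)` is evaluated outside either `try`, so the TypeError would propagate out of `md.render(text)` instead of falling back to plain output. Compare against the string and guard both paths once, e.g. `if(typeof window.hljs === "undefined") return "";` as the first statement of the callback. The `//continue` comments in the empty `catch` blocks should also say what the fallback is; presumably Remarkable escapes the code itself when `highlight` returns nothing, but confirm this, because the callback's return value goes into the preview as markup. `SimpleMDE.prototype.markdown` begins in the previous hunk, so the rest of its body is not visible here.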