Ghost/ghost/admin/app/utils/format-markdown.js
Kevin Ansfield 359fcb0756 Koenig - Pass html card content through sanitiser
refs https://github.com/TryGhost/Ghost/issues/9724
- extract html sanitisation into a Koenig helper `{{sanitise-html}}` (all markdown handling will eventually move into Koenig too)
- render sanitised html in the html card
2018-08-09 14:59:03 +01:00

66 lines
1.9 KiB
JavaScript

import markdownit from 'npm:markdown-it';
import markdownitFootnote from 'npm:markdown-it-footnote';
import markdownitLazyHeaders from 'npm:markdown-it-lazy-headers';
import markdownitMark from 'npm:markdown-it-mark';
import {sanitizeHtml} from 'koenig-editor/helpers/sanitize-html';
let slugify = function slugify(inputString, usedHeaders) {
let slug = inputString.replace(/[^\w]/g, '').toLowerCase();
if (usedHeaders[slug]) {
usedHeaders[slug] += 1;
slug += usedHeaders[slug];
}
return slug;
};
// originally from https://github.com/leff/markdown-it-named-headers
// moved here to avoid pulling in http://stringjs.com dependency
let markdownitNamedHeaders = function markdownitNamedHeaders(md) {
let originalHeadingOpen = md.renderer.rules.heading_open;
// eslint-disable-next-line camelcase
md.renderer.rules.heading_open = function (tokens, idx, options, env, self) {
let usedHeaders = {};
tokens[idx].attrs = tokens[idx].attrs || [];
let title = tokens[idx + 1].children.reduce(function (acc, t) {
return acc + t.content;
}, '');
let slug = slugify(title, usedHeaders);
tokens[idx].attrs.push(['id', slug]);
if (originalHeadingOpen) {
return originalHeadingOpen.apply(this, arguments);
} else {
return self.renderToken(...arguments);
}
};
};
let md = markdownit({
html: true,
breaks: true,
linkify: true
})
.use(markdownitFootnote)
.use(markdownitLazyHeaders)
.use(markdownitMark)
.use(markdownitNamedHeaders);
// configure linkify-it
md.linkify.set({
fuzzyLink: false
});
export default function formatMarkdown(_markdown, replaceJS = true) {
let markdown = _markdown || '';
let escapedhtml = '';
// convert markdown to HTML
escapedhtml = md.render(markdown);
return sanitizeHtml(escapedhtml, {replaceJS});
}