Commit Graph

2 Commits

Author SHA1 Message Date
Thomas Lamprecht
a610dd9e32 parser: sanitize HTML: allow 'disabled', 'start', 'type' and 'checked' attributes
This makes check box lists like the following snipped work:

- [X] Done
- [ ] not done

Further allow the start attr, sometimes generated for ordered lists.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-06-21 17:37:38 +02:00
Thomas Lamprecht
51a2f11c6b integrate marked as markdown parser
Define our own, rather minimal interface so that we change the parser
under the hood if ever needed, I already did so once during
evaluating this, as first I checked out Snarkdown[0], which is really
nice for the few lines of code it needs, but is a bit to limited for
the use case.

Currently marked[1] is used, provided by the libjs-marked Debian
package.

For now statically link the marked parser in on built time to avoid
the need to add new directories to serve in our pve/pmg/pbs proxies.
This is a bit ugly but can be cleaned up afterwards transparently
too.

We sanitize the produced HTML ourselves (most MD JS parser/renderer
don't do that) by creating a real, but not active, DOM tree and
recursively prune bad nodes/attrs from it and let it spit out HTML
again at the end. While a tad inefficient it really won't matter for
our use case, as the notes/comments we render are only a few KiB of
text and it's done on the client side anyway.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-06-18 15:19:29 +02:00