From 64a1a34d9bdc34d72aa1ecf122e2e4cb2630c1eb Mon Sep 17 00:00:00 2001 From: Dave Derderian Date: Mon, 25 Mar 2019 20:50:59 +0900 Subject: [PATCH 1/3] implement custom marked renderer --- src/server.js | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/src/server.js b/src/server.js index 77a8ce4..e5ac4f6 100644 --- a/src/server.js +++ b/src/server.js @@ -25,7 +25,35 @@ const config = require('./config'); const awaiting_moderation = []; -marked.setOptions({ sanitize: true }); +var renderer = new marked.Renderer(); +renderer.code = function(code, language, escaped) { + var lang = (language || '').match(/\S*/)[0]; + if (this.options.highlight) { + var out = this.options.highlight(code, lang); + if (out != null && out !== code) { + escaped = true; + code = out; + } + } + + if (!lang) { + return '
'
+      + (escaped ? code : escape(code, true))
+      + '
'; + } + + return '
'
+    + (escaped ? code : escape(code, true))
+    + '
\n'; +} + +marked.setOptions({ sanitize: true, langPrefix: "language-", renderer: renderer }); dbHandler .init() From 84a6b08be7fc9a29fd3c5db5f4a314f61abf9f49 Mon Sep 17 00:00:00 2001 From: Dave Derderian Date: Tue, 26 Mar 2019 08:50:34 +0900 Subject: [PATCH 2/3] manually escape code block --- src/server.js | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/src/server.js b/src/server.js index e5ac4f6..d061217 100644 --- a/src/server.js +++ b/src/server.js @@ -27,6 +27,17 @@ const awaiting_moderation = []; var renderer = new marked.Renderer(); renderer.code = function(code, language, escaped) { + // escaping helpers + var escapeReplace = /[&<>"']/g + var escapeReplacements = { + '&': '&', + '<': '<', + '>': '>', + '"': '"', + "'": ''' + }; + + var lang = (language || '').match(/\S*/)[0]; if (this.options.highlight) { var out = this.options.highlight(code, lang); @@ -36,21 +47,30 @@ renderer.code = function(code, language, escaped) { } } + if(!escaped) { + code = code.replace(escapeReplace, function (ch) { return escapeReplacements[ch]; }); + } + if (!lang) { return '
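Review bot: `escape(code, true)` in the return statements looks copied from marked's default renderer, where `escape` is a helper private to marked's own module. In src/server.js the name therefore resolves to the global `escape()` unless the file defines or imports its own, and none is visible in this hunk. The global percent-encodes (`<` becomes `%3C`) and ignores the second argument, so code blocks would not come out HTML-entity-encoded. On the new `marked.setOptions` line, `sanitize: true` is the only control over HTML outside code blocks. Later marked releases deprecated that option and recommend passing the rendered HTML through a dedicated sanitizer instead, which is worth a `// TODO` beside the call.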
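Review bot: `escapeReplace` and `escapeReplacements` are declared inside `renderer.code`, so they are rebuilt on every rendered code block. Module scope is the more usual home, and one named helper there could serve every value that needs encoding, e.g. `const escapeHtml = (s) => s.replace(escapeReplace, (ch) => escapeReplacements[ch]);`. The `var escapeReplace = /[&<>"']/g` line also lacks its terminating semicolon and relies on ASI. The entity strings in the map appear to have been decoded by this page's rendering, so their values are not reviewed here. `renderer.code` begins above this hunk and continues past it.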
'
       + (escaped ? code : escape(code, true))
       + '
'; } - return '
'
-    + (escaped ? code : escape(code, true))
+    + code
     + '
\n'; + + console.log(finalCode); + return finalCode; } marked.setOptions({ sanitize: true, langPrefix: "language-", renderer: renderer }); From 74c9b4c2b41d2c8d77f8c075552c2b9a21de243c Mon Sep 17 00:00:00 2001 From: Dave Derderian Date: Tue, 26 Mar 2019 08:56:48 +0900 Subject: [PATCH 3/3] clean up console.logs and output --- src/server.js | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/server.js b/src/server.js index d061217..8d2159b 100644 --- a/src/server.js +++ b/src/server.js @@ -52,25 +52,12 @@ renderer.code = function(code, language, escaped) { } if (!lang) { - return '
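Review bot: The no-language return keeps `+ (escaped ? code : escape(code, true))` as an unchanged context line, so when `escaped` is false the text already encoded by the new `if(!escaped)` block is encoded a second time. That line should become `+ code`, matching the change this hunk makes in the language branch. The added `console.log(finalCode)` also writes every rendered, user-submitted code block to the server log on each render, which is better removed or placed behind a debug flag. The function starts above this hunk.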
'
-      + (escaped ? code : escape(code, true))
-      + '
'; + return `
${code}
`; } lang = lang.replace(escapeReplace, function (ch) { return escapeReplacements[ch]; }); - const finalCode = '
'
-    + code
-    + '
\n'; - - console.log(finalCode); - return finalCode; + return `
${code}
`; } marked.setOptions({ sanitize: true, langPrefix: "language-", renderer: renderer });
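Review bot: `${code}` in both new template literals is emitted raw whenever `escaped` is truthy, and nothing in the function states that contract. That happens when the caller passes the flag or when `this.options.highlight` returns text different from its input (the branch earlier in `renderer.code`, outside this hunk). A comment on the `if(!escaped)` guard just above the hunk would make the trust boundary explicit, e.g. `// escaped === true means code is already HTML-safe: highlight() must return encoded markup`. As a style point, the function now mixes `var` with template literals, and `const`/`let` throughout would be consistent. The markup inside the literals is not visible on this page, so the attribute quoting around `lang` could not be checked.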