Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow customizing html escape when export note #1935

Merged
merged 12 commits into from
Jul 17, 2018
Merged

Allow customizing html escape when export note #1935

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
52f694a
fixed null attachment
ZeroX-DG May 19, 2018
d6c28da
added export escape html config
ZeroX-DG May 19, 2018
9893fd9
fixed eslint
ZeroX-DG May 19, 2018
1516807
fixed double escape html
ZeroX-DG May 20, 2018
707356b
revert to the original function for better performance
ZeroX-DG May 29, 2018
0ae1263
abort
ZeroX-DG Jun 5, 2018
c2f0147
updated new escape html function
ZeroX-DG Jul 4, 2018
7d9f309
Merge remote-tracking branch 'upstream/master' into allow-no-html-escape
ZeroX-DG Jul 4, 2018
55d86d8
improved escape function
ZeroX-DG Jul 4, 2018
9cc7b8b
fixed redundant code
ZeroX-DG Jul 4, 2018
bc64083
allow detect code block or not in escapeHtml function
ZeroX-DG Jul 6, 2018
563fdcb
added tests escape html function
ZeroX-DG Jul 6, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions browser/components/MarkdownPreview.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ export default class MarkdownPreview extends React.Component {
const {fontFamily, fontSize, codeBlockFontFamily, lineNumber, codeBlockTheme, scrollPastEnd, theme, allowCustomCSS, customCSS} = this.getStyleParams()

const inlineStyles = buildStyle(fontFamily, fontSize, codeBlockFontFamily, lineNumber, scrollPastEnd, theme, allowCustomCSS, customCSS)
let body = this.markdown.render(escapeHtmlCharacters(noteContent))
let body = this.markdown.render(escapeHtmlCharacters(noteContent, { detectCodeBlock: true }))

const files = [this.GetCodeThemeLink(codeBlockTheme), ...CSS_FILES]
const attachmentsAbsolutePaths = attachmentManagement.getAbsolutePathsOfAttachmentsInContent(noteContent, this.props.storagePath)
Expand Down Expand Up @@ -412,7 +412,7 @@ export default class MarkdownPreview extends React.Component {
value = value.replace(codeBlock, htmlTextHelper.encodeEntities(codeBlock))
})
}
let renderedHTML = this.markdown.render(value)
const renderedHTML = this.markdown.render(value)
attachmentManagement.migrateAttachments(renderedHTML, storagePath, noteKey)
this.refs.root.contentWindow.document.body.innerHTML = attachmentManagement.fixLocalURLS(renderedHTML, storagePath)

Expand Down
1 change: 0 additions & 1 deletion browser/lib/markdown.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -245,4 +245,3 @@ class Markdown {
}

export default Markdown

94 changes: 53 additions & 41 deletions browser/lib/utils.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,52 +6,64 @@ export function lastFindInArray (array, callback) {
}
}

export function escapeHtmlCharacters (text) {
const matchHtmlRegExp = /["'&<>]/
const str = '' + text
const match = matchHtmlRegExp.exec(str)
export function escapeHtmlCharacters (html, opt = { detectCodeBlock: false }) {
const matchHtmlRegExp = /["'&<>]/g
const escapes = ['&quot;', '&amp;', '&#39;', '&lt;', '&gt;']
let match = null
const replaceAt = (str, index, replace) =>
str.substr(0, index) +
replace +
str.substr(index + replace.length - (replace.length - 1))

if (!match) {
return str
}

let escape
let html = ''
let index = 0
let lastIndex = 0

for (index = match.index; index < str.length; index++) {
switch (str.charCodeAt(index)) {
case 34: // "
escape = '&quot;'
break
case 38: // &
escape = '&amp;'
break
case 39: // '
escape = '&#39;'
break
case 60: // <
escape = '&lt;'
break
case 62: // >
escape = '&gt;'
break
default:
// detecting code block
while ((match = matchHtmlRegExp.exec(html)) != null) {
const current = { char: match[0], index: match.index }
if (opt.detectCodeBlock) {
// position of the nearest line start
let previousLineEnd = current.index - 1
while (html[previousLineEnd] !== '\n' && previousLineEnd !== -1) {
previousLineEnd--
}
// 4 spaces means this character is in a code block
if (
html[previousLineEnd + 1] === ' ' &&
html[previousLineEnd + 2] === ' ' &&
html[previousLineEnd + 3] === ' ' &&
html[previousLineEnd + 4] === ' '
) {
// so skip it
continue
}
}

if (lastIndex !== index) {
html += str.substring(lastIndex, index)
// otherwise, escape it !!!
if (current.char === '&') {
let nextStr = ''
let nextIndex = current.index
let escapedStr = false
// maximum length of an escape string is 5. For example ('&quot;')
while (nextStr.length <= 5) {
nextStr += html[nextIndex]
nextIndex++
if (escapes.indexOf(nextStr) !== -1) {
escapedStr = true
break
}
}
if (!escapedStr) {
// this & char is not a part of an escaped string
html = replaceAt(html, current.index, '&amp;')
}
} else if (current.char === '"') {
html = replaceAt(html, current.index, '&quot;')
} else if (current.char === "'") {
html = replaceAt(html, current.index, '&#39;')
} else if (current.char === '<') {
html = replaceAt(html, current.index, '&lt;')
} else if (current.char === '>') {
html = replaceAt(html, current.index, '&gt;')
}

lastIndex = index + 1
html += escape
}

return lastIndex !== index
? html + str.substring(lastIndex, index)
: html
return html
}

export function isObjectEqual (a, b) {
Expand Down
48 changes: 48 additions & 0 deletions tests/lib/escapeHtmlCharacters-test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
const { escapeHtmlCharacters } = require('browser/lib/utils')
const test = require('ava')

test('escapeHtmlCharacters should return the original string if nothing needed to escape', t => {
const input = 'Nothing to be escaped'
const expected = 'Nothing to be escaped'
const actual = escapeHtmlCharacters(input)
t.is(actual, expected)
})

test('escapeHtmlCharacters should skip code block if that option is enabled', t => {
const input = ` <no escape>
<escapeMe>`
const expected = ` <no escape>
&lt;escapeMe&gt;`
const actual = escapeHtmlCharacters(input, { detectCodeBlock: true })
t.is(actual, expected)
})

test('escapeHtmlCharacters should NOT skip character not in code block but start with 4 spaces', t => {
const input = '4 spaces &'
const expected = '4 spaces &amp;'
const actual = escapeHtmlCharacters(input, { detectCodeBlock: true })
t.is(actual, expected)
})

test('escapeHtmlCharacters should NOT skip code block if that option is NOT enabled', t => {
const input = ` <no escape>
<escapeMe>`
const expected = ` &lt;no escape&gt;
&lt;escapeMe&gt;`
const actual = escapeHtmlCharacters(input)
t.is(actual, expected)
})

test('escapeHtmlCharacters should NOT escape & character if it\'s a part of an escaped character', t => {
const input = 'Do not escape &amp; or &quot; but do escape &'
const expected = 'Do not escape &amp; or &quot; but do escape &amp;'
const actual = escapeHtmlCharacters(input)
t.is(actual, expected)
})

test('escapeHtmlCharacters should return the correct result', t => {
const input = '& < > " \''
const expected = '&amp; &lt; &gt; &quot; &#39;'
const actual = escapeHtmlCharacters(input)
t.is(actual, expected)
})