diff --git a/package.json b/package.json
index 95052f9..1bec8f3 100755
--- a/package.json
+++ b/package.json
@@ -3,6 +3,6 @@
"date-fns": "^4.1.0",
"ejs": "^3.1.10",
"express": "^5.1.0",
- "showdown": "^2.1.0"
+ "markdown-it": "^14.1.0"
}
}
diff --git a/src/functions.js b/src/functions.js
index 8923102..3b954d7 100644
--- a/src/functions.js
+++ b/src/functions.js
@@ -86,6 +86,7 @@ export function escape_input(input) {
.replaceAll("'", "'")
.replaceAll("/", "/")
.replaceAll("%", "%")
+ .replaceAll("&", "&")
return output
}
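Review bot: The new `.replaceAll("&", …)` step is appended at the end of the chain, after the replacements for `'`, `/` and `%`. If those earlier steps emit character entities, the ampersand they introduce is encoded a second time and stored text will display literal entity codes; this is inferred, because the entity text appears to have been decoded away in this rendering. Encoding `&` should be the first replacement in the chain, before any step that outputs an entity. The start of `escape_input` is outside this hunk, so the order of the earlier steps could not be checked in full.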
@@ -98,3 +99,8 @@ export function render_comment(comment_content) {
.replaceAll(/>>([0-9]*)/g, ">>$1")
.replaceAll("\n", "
")
};
+export function render_md(content) {
+ const markdownit = require("markdown-it")
+ const md = markdownit()
+ return md.render(content)
+};
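Review bot: `render_md` calls `require("markdown-it")` inside a file that uses `export function`, and `require` is not defined in an ES module, so the first call is likely to throw a ReferenceError; it also builds a new parser on every call. Its output is written unescaped with `<%-` in views/headers/user.ejs, and this commit stops escaping `content` and `description` on input, so markdown-it's `html: false` default is now the only thing keeping raw HTML in user text out of the page. Make that explicit at module scope with `import markdownit from "markdown-it"` and `const md = markdownit({ html: false, breaks: true })`, plus a comment such as `// html:false is the XSS barrier for user markdown; do not enable it without a sanitizer`. `breaks: true` is the closest equivalent of the removed `simpleLineBreaks`; the removed `tasklists` and `headerLevelStart: 3` settings have no counterpart in the default parser, so existing posts may render differently.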
diff --git a/src/server.js b/src/server.js
index 1dcf068..234ead4 100644
--- a/src/server.js
+++ b/src/server.js
@@ -1,7 +1,6 @@
// Get the libraries
const fs = require('fs'); // For modifying and reading files
const express = require('express'); // For running a webserver in nodejs
-const showdown = require('showdown') // For converting markdown to html on demand, https://showdownjs.com/
const crypto = require('crypto'); // For encrypting passwords, I use sha512
// fromUnixTime(): Create a date from a Unix timestamp (in seconds). Decimal values will be discarded.
// format(): Return the formatted date string in the given format. The result may vary by locale.
@@ -49,16 +48,6 @@ catch (error) {
console.log("Locale selected: ", config.locale)
}
-// https://showdownjs.com/docs/available-options
-let converter = new showdown.Converter({
- simpleLineBreaks: true, // Parse line breaks as
in paragraphs (GitHub-style behavior).
- tables: true, // Enable support for tables syntax.
- strikethrough: true, // Enable support for strikethrough: ~~text~~
- tasklists: true, // Enable support for GitHub style tasklists. - [x] and - [ ]
- encodeEmails: true, //Enable automatic obfuscation of email addresses. emails are encoded via character entities
- headerLevelStart: 3, //Set starting level for the heading tags.
-})
-
// Define stuff to do with express (nodejs webserver)
const app = express();
app.use(express.urlencoded({ extended: true }));
@@ -82,7 +71,6 @@ app.get("/rss", (req,res) => {
res.render("syndication/global_rss", {
config,
posts,
- converter,
func,
})
};
@@ -102,7 +90,6 @@ app.get("/user/:username/rss", (req,res) => {
res.render("syndication/user_rss", {
config,
posts,
- converter,
func,
userID,
})
@@ -121,7 +108,6 @@ app.get("/atom", (req,res) => {
res.render("syndication/global_atom", {
config,
posts,
- converter,
func,
getUnixTime,
})
@@ -142,7 +128,6 @@ app.get("/user/:username/atom", (req,res) => {
res.render("syndication/user_atom", {
config,
posts,
- converter,
func,
userID,
getUnixTime,
@@ -201,7 +186,6 @@ app.get("/", (req,res) => {
format,
getUnixTime,
func,
- converter,
})
}); // /
app.get("/user/:username", (req, res) => {
@@ -220,7 +204,6 @@ app.get("/user/:username", (req, res) => {
format: format,
getUnixTime: getUnixTime,
func,
- converter,
})
}); // /user/:username
app.get("/post/:post_index", (req, res) => {
@@ -244,7 +227,6 @@ app.get("/post/:post_index", (req, res) => {
format,
getUnixTime,
func,
- converter,
})
}
else {
@@ -266,7 +248,6 @@ app.get("/tag/:tag", (req,res) => {
format: format,
getUnixTime: getUnixTime,
func,
- converter,
})
}); // /tag/:tag
app.get("/comment/:commentID", (req,res) => {
@@ -290,7 +271,6 @@ app.get("/comment/:commentID", (req,res) => {
format: format,
getUnixTime: getUnixTime,
func,
- converter,
})
}
});
@@ -371,7 +351,7 @@ app.post("/submit_post", (req,res) => {
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
const username = func.escape_input(req.body.username)
const title = func.escape_input(req.body.title)
- const content = func.escape_input(req.body.content)
+ const content = req.body.content
const tags = func.escape_input(req.body.tags).split(',');
const unix_timestamp = getUnixTime(new Date())
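Review bot: `content` is now stored exactly as submitted, so every template that prints a post body has to pass it through `func.render_md` or print it with the escaping `<%=` tag, and the only template updated in the visible part of this commit is views/headers/user.ejs. The RSS, Atom, post, tag and comment views previously received `converter` and should be checked for leftover `converter.makeHtml(...)` calls or `<%-` output of the raw field; the same applies to `description` in the /submit_signup and /submit_edit_user hunks. Because the body parser runs with `extended: true`, `req.body.content` can also arrive as an array or object, which markdown-it rejects at render time, so a guard before storing is worth adding: `if (typeof req.body.content !== "string" || req.body.content.length > MAX_POST_LENGTH) return res.status(400).end()`, where `MAX_POST_LENGTH` is a placeholder for a config value. The handler body continues outside the hunk.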
@@ -409,7 +389,7 @@ app.post("/submit_signup", (req,res) => {
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
const username = func.escape_input(req.body.username)
const prettyname = func.escape_input(req.body.prettyname)
- const description = func.escape_input(req.body.description)
+ const description = req.body.description
// Check that signups are allowed
if (config.allow_signup == true) {
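Review bot: The password on the first line of this hunk is reduced to a single unsalted SHA-512 digest, which is fast to brute-force if the user file leaks and gives identical digests for identical passwords. A salted, deliberately slow KDF from the same `crypto` module fits here, for example `const salt = crypto.randomBytes(16)` and `crypto.scryptSync(req.body.password, salt, 64)`, with the salt stored next to the hash and the comparison done with `crypto.timingSafeEqual`. The same line appears in the /submit_post, /submit_edit_user and /submit_edit_post hunks. How the digest is stored and compared is outside the visible lines, so existing accounts would need a migration path such as re-hashing on the next successful login.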
@@ -450,7 +430,7 @@ app.post("/submit_edit_user", (req,res) => {
// Get the form info
const password = crypto.createHash("sha512").update(req.body.password).digest("hex");
const userID = func.escape_input(req.body.userID)
- const description = func.escape_input(req.body.description)
+ const description = req.body.description
const prettyname = func.escape_input(req.body.prettyname)
const delete_bool = req.body.delete
@@ -496,9 +476,9 @@ app.post("/submit_edit_post", (req,res) => {
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
const postID = req.body.postID
const userID = req.body.userID
- const title = req.body.title
+ const title = func.escape_input(req.body.title)
const content = req.body.content
- const tags = req.body.tags.split(',');
+ const tags = func.escape_input(req.body.tags).split(",")
const delete_bool = req.body.delete
const unix_timestamp = getUnixTime(new Date())
console.log(users[userID]['prettyname'], "is editting the post titled:", title);
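Review bot: `postID` and `userID` are still taken from the request body without validation, and `users[userID]['prettyname']` is dereferenced in the `console.log` before any check visible in this hunk, so an unknown `userID` would throw a TypeError inside the handler. /submit_edit_user already runs `userID` through `func.escape_input`; here a lookup guard such as `if (!Object.hasOwn(users, userID)) return res.status(400).end()` ahead of the log line would cover both the crash and inherited property names. As far as the hunk shows, the log line also writes the user-supplied title before the password has been checked, so it is better placed after authentication succeeds. The handler continues outside the hunk.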
diff --git a/views/headers/user.ejs b/views/headers/user.ejs
index 4f67f8e..e27f9b0 100644
--- a/views/headers/user.ejs
+++ b/views/headers/user.ejs
@@ -1,7 +1,7 @@
<%- converter.makeHtml(user.description) %>
+<%- func.render_md(user.description) %>
<%= locale.edit_account %>