Fixed an issue where showdownjs did not escape HTML tags by porting to
markdown-it; also introduced a new function, func.render_md.
@@ -3,6 +3,6 @@
|
||||
"date-fns": "^4.1.0",
|
||||
"ejs": "^3.1.10",
|
||||
"express": "^5.1.0",
|
||||
"showdown": "^2.1.0"
|
||||
"markdown-it": "^14.1.0"
|
||||
}
|
||||
}
|
||||
|
@@ -86,6 +86,7 @@ export function escape_input(input) {
|
||||
.replaceAll("'", "'")
|
||||
.replaceAll("/", "/")
|
||||
.replaceAll("%", "%")
|
||||
.replaceAll("&", "&")
|
||||
return output
|
||||
}
|
||||
|
||||
@@ -98,3 +99,8 @@ export function render_comment(comment_content) {
|
||||
.replaceAll(/>>([0-9]*)/g, "<a href='/comment/$1'>>>$1</a>")
|
||||
.replaceAll("\n", "<br/>")
|
||||
};
|
||||
export function render_md(content) {
|
||||
const markdownit = require("markdown-it")
|
||||
const md = markdownit()
|
||||
return md.render(content)
|
||||
};
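Review bot: `render_md` calls `require("markdown-it")` and builds a fresh parser on every render, inside a file whose hunk headers show `export function` (ES module syntax); if func is loaded as an ES module, `require` is not defined in that scope and the first call will throw, so the parser should be created once at module scope with an `import`. The setting this whole commit relies on for security is markdown-it's `html: false` default, which is what makes raw HTML tags come out escaped; it should be written out and commented so it is not flipped to `html: true` without anyone noticing that the XSS fix goes with it. The showdown options removed elsewhere in this commit (`simpleLineBreaks: true`, `headerLevelStart: 3`) have no counterpart here, so single newlines in existing posts stop becoming `<br>` and a `# heading` in a post now emits `<h1>`; `breaks: true` restores the former, and the latter would need a `heading_open` renderer rule if it is wanted. markdown-it's `render` also throws on non-string input, so a missing or non-string field reaching the templates would make every page that renders it fail rather than render empty.
```javascript
import markdownit from "markdown-it"

// html: false is markdown-it's default and is what makes raw HTML in user
// content come out escaped; keep it explicit so it is not flipped casually.
// breaks: true restores the single-newline -> <br> behaviour showdown had.
const md = markdownit({ html: false, breaks: true })

export function render_md(content) {
  // markdown-it throws on non-string input; render nothing instead of failing the page
  return md.render(typeof content === "string" ? content : "")
}
```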
|
||||
|
@@ -1,7 +1,6 @@
|
||||
// Get the libraries
|
||||
const fs = require('fs'); // For modifying and reading files
|
||||
const express = require('express'); // For running a webserver in nodejs
|
||||
const showdown = require('showdown') // For converting markdown to html on demand, https://showdownjs.com/
|
||||
const crypto = require('crypto'); // For encrypting passwords, I use sha512
|
||||
// fromUnixTime(): Create a date from a Unix timestamp (in seconds). Decimal values will be discarded.
|
||||
// format(): Return the formatted date string in the given format. The result may vary by locale.
|
||||
@@ -49,16 +48,6 @@ catch (error) {
|
||||
console.log("Locale selected: ", config.locale)
|
||||
}
|
||||
|
||||
// https://showdownjs.com/docs/available-options
|
||||
let converter = new showdown.Converter({
|
||||
simpleLineBreaks: true, // Parse line breaks as <br/> in paragraphs (GitHub-style behavior).
|
||||
tables: true, // Enable support for tables syntax.
|
||||
strikethrough: true, // Enable support for strikethrough: ~~text~~
|
||||
tasklists: true, // Enable support for GitHub style tasklists. - [x] and - [ ]
|
||||
encodeEmails: true, //Enable automatic obfuscation of email addresses. emails are encoded via character entities
|
||||
headerLevelStart: 3, //Set starting level for the heading tags.
|
||||
})
|
||||
|
||||
// Define stuff to do with express (nodejs webserver)
|
||||
const app = express();
|
||||
app.use(express.urlencoded({ extended: true }));
|
||||
@@ -82,7 +71,6 @@ app.get("/rss", (req,res) => {
|
||||
res.render("syndication/global_rss", {
|
||||
config,
|
||||
posts,
|
||||
converter,
|
||||
func,
|
||||
})
|
||||
};
|
||||
@@ -102,7 +90,6 @@ app.get("/user/:username/rss", (req,res) => {
|
||||
res.render("syndication/user_rss", {
|
||||
config,
|
||||
posts,
|
||||
converter,
|
||||
func,
|
||||
userID,
|
||||
})
|
||||
@@ -121,7 +108,6 @@ app.get("/atom", (req,res) => {
|
||||
res.render("syndication/global_atom", {
|
||||
config,
|
||||
posts,
|
||||
converter,
|
||||
func,
|
||||
getUnixTime,
|
||||
})
|
||||
@@ -142,7 +128,6 @@ app.get("/user/:username/atom", (req,res) => {
|
||||
res.render("syndication/user_atom", {
|
||||
config,
|
||||
posts,
|
||||
converter,
|
||||
func,
|
||||
userID,
|
||||
getUnixTime,
|
||||
@@ -201,7 +186,6 @@ app.get("/", (req,res) => {
|
||||
format,
|
||||
getUnixTime,
|
||||
func,
|
||||
converter,
|
||||
})
|
||||
}); // /
|
||||
app.get("/user/:username", (req, res) => {
|
||||
@@ -220,7 +204,6 @@ app.get("/user/:username", (req, res) => {
|
||||
format: format,
|
||||
getUnixTime: getUnixTime,
|
||||
func,
|
||||
converter,
|
||||
})
|
||||
}); // /user/:username
|
||||
app.get("/post/:post_index", (req, res) => {
|
||||
@@ -244,7 +227,6 @@ app.get("/post/:post_index", (req, res) => {
|
||||
format,
|
||||
getUnixTime,
|
||||
func,
|
||||
converter,
|
||||
})
|
||||
}
|
||||
else {
|
||||
@@ -266,7 +248,6 @@ app.get("/tag/:tag", (req,res) => {
|
||||
format: format,
|
||||
getUnixTime: getUnixTime,
|
||||
func,
|
||||
converter,
|
||||
})
|
||||
}); // /tag/:tag
|
||||
app.get("/comment/:commentID", (req,res) => {
|
||||
@@ -290,7 +271,6 @@ app.get("/comment/:commentID", (req,res) => {
|
||||
format: format,
|
||||
getUnixTime: getUnixTime,
|
||||
func,
|
||||
converter,
|
||||
})
|
||||
}
|
||||
});
|
||||
@@ -371,7 +351,7 @@ app.post("/submit_post", (req,res) => {
|
||||
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
|
||||
const username = func.escape_input(req.body.username)
|
||||
const title = func.escape_input(req.body.title)
|
||||
const content = func.escape_input(req.body.content)
|
||||
const content = req.body.content
|
||||
const tags = func.escape_input(req.body.tags).split(',');
|
||||
const unix_timestamp = getUnixTime(new Date())
|
||||
|
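Review bot: `content` is now stored exactly as received and nothing checks that `req.body.content` is a string; with `express.urlencoded({ extended: true })` a body such as `content[]=a` arrives as an array, is accepted here, and later makes `func.render_md` throw whenever that post is rendered, breaking the page for every reader instead of failing the one bad submission. The removed `escape_input` call presumably failed on a non-string at submit time, which is the implicit check that was lost. Reject it before storing: `if (typeof req.body.content !== "string") { return res.sendStatus(400) }`. Relying on markdown-it to neutralise raw content is fine for the EJS views changed in this commit, but the RSS/Atom templates also receive these posts and are not shown here; confirm they do not emit `post.content` unescaped into the XML. The handler continues beyond the hunk.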
||||
@@ -409,7 +389,7 @@ app.post("/submit_signup", (req,res) => {
|
||||
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
|
||||
const username = func.escape_input(req.body.username)
|
||||
const prettyname = func.escape_input(req.body.prettyname)
|
||||
const description = func.escape_input(req.body.description)
|
||||
const description = req.body.description
|
||||
|
||||
// Check that signups are allowed
|
||||
if (config.allow_signup == true) {
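Review bot: `description` is stored raw here with no check that `req.body.description` is a string, so an array-shaped field (`description[]=x` under `extended: true` parsing) is persisted and then makes `func.render_md` throw on every visit to that user's page. Add `if (typeof req.body.description !== "string") { return res.sendStatus(400) }` before the signup check. The user page template in this commit renders the description through markdown-it, which is what now provides the HTML escaping; any other output of `user.description` (the user RSS/Atom views are not visible here) must also go through `render_md` or `<%=`. The handler continues beyond the hunk.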
|
||||
@@ -450,7 +430,7 @@ app.post("/submit_edit_user", (req,res) => {
|
||||
// Get the form info
|
||||
const password = crypto.createHash("sha512").update(req.body.password).digest("hex");
|
||||
const userID = func.escape_input(req.body.userID)
|
||||
const description = func.escape_input(req.body.description)
|
||||
const description = req.body.description
|
||||
const prettyname = func.escape_input(req.body.prettyname)
|
||||
const delete_bool = req.body.delete
|
||||
|
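Review bot: The same gap as in the other handlers applies to the changed `description` line: it is stored as whatever `req.body.description` is, and a non-string value (an array under `extended: true` parsing) will later make `func.render_md` throw on the user's page. Guard it with `if (typeof req.body.description !== "string") { return res.sendStatus(400) }` next to the other field reads. Note that `userID` and `prettyname` still go through `escape_input` while `description` does not, so a reader of this handler should be told why in a comment, e.g. `// description is raw Markdown; HTML is escaped at render time by func.render_md`. The handler continues beyond the hunk.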
||||
@@ -496,9 +476,9 @@ app.post("/submit_edit_post", (req,res) => {
|
||||
const password = crypto.createHash('sha512').update(req.body.password).digest('hex');
|
||||
const postID = req.body.postID
|
||||
const userID = req.body.userID
|
||||
const title = req.body.title
|
||||
const title = func.escape_input(req.body.title)
|
||||
const content = req.body.content
|
||||
const tags = req.body.tags.split(',');
|
||||
const tags = func.escape_input(req.body.tags).split(",")
|
||||
const delete_bool = req.body.delete
|
||||
const unix_timestamp = getUnixTime(new Date())
|
||||
console.log(users[userID]['prettyname'], "is editting the post titled:", title);
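Review bot: `title` is now run through `func.escape_input` before storage, but the templates in this commit print it with `<%= post.title %>`, which escapes again; if `escape_input` entity-encodes (its `replaceAll` targets are displayed decoded on this page, so this is inferred), an edited title containing `&` or `<` will render as a literal `&amp;` or `&lt;`. Escape in one place only: store the raw title and let `<%=` escape at output, or, if stored-escaped is the project's convention, switch the title templates to `<%-`, consistently with `submit_post`. `content` is left unchecked as in the other handlers, so a non-string `req.body.content` is stored and breaks `render_md` later; add `if (typeof req.body.content !== "string") { return res.sendStatus(400) }`. The handler continues beyond the hunk.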
|
||||
|
@@ -1,7 +1,7 @@
|
||||
<h1>
|
||||
<%= user.prettyname %>
|
||||
</h1>
|
||||
<p><%- converter.makeHtml(user.description) %></p>
|
||||
<p><%- func.render_md(user.description) %></p>
|
||||
<a href="<%= config.edit_account_base_url %>/<%= userID %>"><%= locale.edit_account %></a><br/>
|
||||
<a href="/user/<%= user.username %>/rss"><%= locale.rss_feed %></a><br/>
|
||||
<a href="/user/<%= user.username %>/atom"><%= locale.atom_feed %></a>
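Review bot: `func.render_md` returns block-level HTML (markdown-it wraps text in `<p>…</p>`), so wrapping it in `<p>…</p>` on the changed line produces nested paragraphs that the browser closes early; use `<div><%- func.render_md(user.description) %></div>`. markdown-it's `render` also throws on non-string input, so a user record without a description, or one stored as a non-string, would make this page fail to render — confirm the field is always a string or guard inside `render_md`.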
|
||||
|
@@ -1,7 +1,7 @@
|
||||
<h1>
|
||||
<%= post.title %>
|
||||
</h1>
|
||||
<%- converter.makeHtml(post.content) %><br/>
|
||||
<%- func.render_md(post.content) %><br/>
|
||||
<i>
|
||||
<%= locale.written_by %> <a href="/user/<%= user.username %>"><%= user.username %></a><br/>
|
||||
</i>
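Review bot: The page's own title is the `<h1>` above the changed line, and `func.render_md` renders a `# heading` in the post body as another `<h1>`, because markdown-it has no equivalent of showdown's `headerLevelStart: 3` that this commit removes; single newlines also stop rendering as `<br>` (showdown's `simpleLineBreaks` versus markdown-it's `breaks`, which defaults to false). If those behaviours matter, configure them once in `render_md` (`breaks: true`, plus a `heading_open` renderer rule for the level offset) rather than per template. The trailing `<br/>` after block-level output on the changed line is now largely redundant.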
|
||||
|
@@ -1,7 +1,7 @@
|
||||
<h3>
|
||||
<%= post.title %>
|
||||
</h3>
|
||||
<%- converter.makeHtml(post.content) %><br/>
|
||||
<%- func.render_md(post.content) %><br/>
|
||||
<a href="/post/<%- postID %>"><%= locale.permalink %></a><br/>
|
||||
<%- func.hyperlink_tags(post.tags) %>
|
||||
<br/>
|
||||
|
@@ -1,7 +1,7 @@
|
||||
<h3>
|
||||
<%= post.title %>
|
||||
</h3>
|
||||
<%- converter.makeHtml(post.content) %><br/>
|
||||
<%- func.render_md(post.content) %><br/>
|
||||
<a href="/post/<%- index %>"><%= locale.permalink %></a><br/>
|
||||
<i>
|
||||
<%= locale.written_by %> <a href="/user/<%= user.username %>"><%= user.username %></a><br/>
|
||||
|
@@ -1,7 +1,7 @@
|
||||
<h3>
|
||||
<%= post.title %>
|
||||
</h3>
|
||||
<%- converter.makeHtml(post.content) %><br/>
|
||||
<%- func.render_md(post.content) %><br/>
|
||||
<a href="/post/<%- index %>"><%= locale.permalink %></a><br/>
|
||||
<br/>
|
||||
|
||||
|