From 622d03a8233e0b78776ab61e6f7af205054be25d Mon Sep 17 00:00:00 2001 From: Christopher Garrett Date: Wed, 13 Jun 2018 13:04:12 -0700 Subject: [PATCH] [bugfix] Prevents all Marked escaping in plain text This ensures that _all_ escaped characters are unescaped when rendering markdown. Should minimize the impact Marked has on our templates. I've also opened an issue with Marked directly to see if we can upstream this. --- lib/utils/compile-markdown.js | 10 +++++-- .../unit/utils/compile-markdown-test.js | 28 +++++++++++++++++++ 2 files changed, 35 insertions(+), 3 deletions(-) diff --git a/lib/utils/compile-markdown.js b/lib/utils/compile-markdown.js index cb1b16988..6a2e77726 100644 --- a/lib/utils/compile-markdown.js +++ b/lib/utils/compile-markdown.js @@ -74,13 +74,17 @@ class HBSRenderer extends marked.Renderer { return code.replace(/^
/, '
');
   }
 
-  // Unescape quotes in text, as they may be part of a Handlebars statement
+  // Unescape markdown escaping in general, since it can interfere with
+  // Handlebars templating
   text() {
     let text = super.text.apply(this, arguments);
     if (this.config.targetHandlebars) {
       text = text
-        .replace(/"|"/g, `"`)
-        .replace(/'|'/g, `'`);
+        .replace(/&/g, '&')
+        .replace(/</g, '<')
+        .replace(/>/g, '>')
+        .replace(/"|"/g, '"')
+        .replace(/'|'/g, '\'');
     }
     return text;
   }
diff --git a/tests-node/unit/utils/compile-markdown-test.js b/tests-node/unit/utils/compile-markdown-test.js
index e54a0a997..c4f5666de 100644
--- a/tests-node/unit/utils/compile-markdown-test.js
+++ b/tests-node/unit/utils/compile-markdown-test.js
@@ -37,4 +37,32 @@ QUnit.module('Unit | compile-markdown', function(hooks) {
 
     assert.equal(result, expected);
   });
+
+  test('classic components remain unescaped', function(assert) {
+    let input = stripIndent`
+      {{#foo-bar prop="value" otherProp='value'}}
+
+      {{/foo-bar}}
+    `;
+
+    let result = compileMarkdown(input, { targetHandlebars: true });
+    let expected = stripIndent`
+      
{{#foo-bar prop="value" otherProp='value'}} {{/foo-bar}}

+    `;
+
+    assert.equal(result, expected);
+  });
+
+  test('angle bracket contextual components remain unescaped', function(assert) {
+    let input = stripIndent`
+      
+    `;
+
+    let result = compileMarkdown(input, { targetHandlebars: true });
+    let expected = stripIndent`
+      

+    `;
+
+    assert.equal(result, expected);
+  });
 });