You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I miss the concepts of shortcodes from Hugo and others. I think it would be straightforward to implement this in Bartholomew by running the markdown through the handlebars rendering engine before running it through the markdown rendering engine.
as an example I might want an alert in my blog post warning people of a potentially destructive action.
{{ alert "danger" "This might eat your data" }}
This would execute the script called "alert.rhai" with the two strings as parameters. The execution of the script would return html that would then be passed through to the markdown renderer.
Thoughts:
The output would have to have no html entity escaping.
We can share the script directory used by the templates, or for more clarity, create a new markdown-only script directory
Security considerations:
This introduces all sorts of dangerous injection vectors. Should it be disabled by default? Caveat Emptor?
we could manually strip out <script> tags, but that might be a useful bit of functionality to keep too
It might end up being a case where documentation is the best option and we trust the end user to inform themselves and protect against untrusted content sources
I have a prototype of this functionality that works today I'll be sending as a PR. It needs careful review.
Thanks for building Bartholomew!
The text was updated successfully, but these errors were encountered:
I miss the concepts of shortcodes from Hugo and others. I think it would be straightforward to implement this in Bartholomew by running the markdown through the handlebars rendering engine before running it through the markdown rendering engine.
as an example I might want an alert in my blog post warning people of a potentially destructive action.
This would execute the script called "alert.rhai" with the two strings as parameters. The execution of the script would return html that would then be passed through to the markdown renderer.
Thoughts:
Security considerations:
I have a prototype of this functionality that works today I'll be sending as a PR. It needs careful review.
Thanks for building Bartholomew!
The text was updated successfully, but these errors were encountered: