Markdown: Proper GFM support and rendering consistency between front and back #2341

merged 7 commits into from Jan 7, 2020
@noirbizarre noirbizarre commented Oct 9, 2019

This PR changes the backend markdown implementation from commonmark-py to mistune, which is faster and supports GFM (i.e. strikethrough, tables...).

This also fixes:

  • the JSON-LD description field which should be a raw text field and was a mix of raw and html strings (without proper escaping which was a security issue) (See: https://w3c.github.io/json-ld-syntax/#restrictions-for-contents-of-json-ld-script-elements)
  • client-side escaping errors
  • the mdstrip which was rendering twice (and so was creating a small performance hit)
  • the tags security filtering which was happening too early (and so let some tags pass)

As the GFM spec gives a list of unauthorized tags, the MD_ALLOWED_TAGS could be removed (not done here but could be)
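
Why a raw-text JSON-LD `description` still needs escaping when it is embedded in a script element, as an added example (not code from this PR or from udata). The function names and the sample data are hypothetical, and the `\u003c`-style escaping is one common technique, not necessarily the one this PR implements.

```python
import json

# JSON string escapes for the characters an HTML parser acts on inside a
# <script> element. They are valid JSON, so consumers decode the same text.
_SCRIPT_SAFE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}

OPEN_TAG = '<script type="application/ld+json">'
CLOSE_TAG = "</script>"


def naive_json_ld_script(data):
    """Unsafe 'before' form: valid JSON, but '</script>' passes through."""
    return OPEN_TAG + json.dumps(data) + CLOSE_TAG


def json_ld_script(data):
    """Hardened form: escape <, > and & after serializing."""
    body = json.dumps(data, ensure_ascii=True, sort_keys=True)
    for char, escaped in _SCRIPT_SAFE.items():
        body = body.replace(char, escaped)
    return OPEN_TAG + body + CLOSE_TAG


def script_body_as_browser_sees_it(markup):
    """Return the element body up to the first close tag (simplified model
    of HTML parsing: the first '</script' ends the element)."""
    start = len(OPEN_TAG)
    end = markup.lower().index("</script", start)
    return markup[start:end]


# Constructed sample: raw-text description containing markup-like characters.
SAMPLE = {
    "@context": "http://schema.org",
    "@type": "Dataset",
    "description": "Tags such as </script> & <b> are plain text here",
}

if __name__ == "__main__":
    for build in (naive_json_ld_script, json_ld_script):
        body = script_body_as_browser_sees_it(build(SAMPLE))
        try:
            ok = json.loads(body) == SAMPLE
        except json.JSONDecodeError:
            ok = False  # the description closed the element early
        print(build.__name__, "round-trips:", ok)
```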

@noirbizarre noirbizarre added this to the 2.0 milestone Oct 9, 2019
@noirbizarre noirbizarre requested a review from a team October 9, 2019 14:33
'tbody',
'thead',
'tfooter',
# 'title',
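
Review bot: `'tfooter'` in this list of tag names is not an HTML element; the table footer element is `tfoot`, so as written a `<tfoot>` would not match this entry. Suggest replacing it with `'tfoot'`, and either deleting the commented-out `# 'title',` line or adding a comment that says why it is kept.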

Remove?



@front.app_template_filter()
def embedded_json_ld(jsonld):
is this related to markdown somehow?

@abulte abulte merged commit 9e87fe4 into opendatateam:py3 Jan 7, 2020
abulte added a commit that referenced this pull request Mar 11, 2020
### Breaking changes

- Migration to Python 3.7 [#1766](#1766)
- The new migration system ([#1956](#1956)) uses a new python based format. Pre-2.0 migrations are not compatible so you might need to upgrade to the latest `udata` version `<2.0.0`, execute migrations and then upgrade to `udata` 2+.
- The targeted mongo version is now Mongo 3.6. Backward support is not guaranteed

### New features

- New migration system [#1956](#1956):
  - Use python based migrations instead of relying on mongo internal and deprecated `js_exec`
  - Handle rollback (optional)
  - Detailed history
- Template hooks generalization: allows dynamically extending templates with widgets and snippets from extensions. See [the dedicated documentation section](https://udata.readthedocs.io/en/stable/extending/#hooks) [#2323](#2323)
- Markdown now supports [GitHub Flavored Markdown (GFM) specs](https://github.github.com/gfm/) (i.e. the already supported [CommonMark specs](https://spec.commonmark.org) plus tables, strikethrough, autolinks support and predefined disallowed raw HTML) [#2341](#2341)