Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inline base64 image doesn’t render in v3.3.2 #504

Closed
bquorning opened this issue Jul 8, 2015 · 4 comments
Closed

Inline base64 image doesn’t render in v3.3.2 #504

bquorning opened this issue Jul 8, 2015 · 4 comments

Comments

@bquorning
Copy link
Contributor

While upgrading from v3.2.3 to v3.3.2, I noticed that inline images such as

![](data:image/gif;base64,R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=)

will no longer display the image. Is this intentional?

I haven’t yet confirmed this, but I suspect that #416 could be the cause of this changed behavior.
@jbdietrich
Copy link

It looks like autolink code validates the value of the source against a whitelist of protocols: https://github.com/vmg/redcarpet/blob/master/ext/redcarpet/autolink.c#L34.

One potential solution would be to add data:image/ or something similar to the whitelist. In that case maybe it would be necessary to compare image sources against a different whitelist than other links.

@bquorning
Copy link
Contributor Author

In that case maybe it would be necessary to compare image sources against a different whitelist than other links.

True. Also, the current allowing # and mailto: as valid image src protocols seems wrong.

@mhelmetag
Copy link

This works for me on 3.3.4...

irb(main):001:0> require 'redcarpet'
=> true
irb(main):002:0> md = Redcarpet::Markdown.new(Redcarpet::Render::HTML)
=> #<Redcarpet::Markdown:0x007fcecb199de8 @renderer=#<Redcarpet::Render::HTML:0x007fcecb199e10>>
irb(main):003:0> md.render("![](data:image/gif;base64,R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=)")
=> "<p><img src=\"data:image/gif;base64,R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=\" alt=\"\"></p>\n"
irb(main):004:0> puts _
<p><img src="data:image/gif;base64,R0lGODlhAQABAIAAAAUEBAAAACwAAAAAAQABAAACAkQBADs=" alt=""></p>
=> nil

That does render a 1 x 1 pixel.

@robin850
Copy link
Collaborator

Hi there !

Yep, this doesn't work anymore if you've enabled safe_links_only because of #416. I will close this as for the same reasons as #556 ; it's hard to find a behavior that matches every needs for this option so it's as safe as possible. I can only advise you to implement a custom render object:

class CustomRender < Redcarpet::Render::HTML
  # To by-pass the `safe_links_only` option
  def image(link, title, alt_text)
    return %(<img src="#{link}" title="#{title}" alt="#{alt_text}">)
  end
end

# And then
parser = Redcarpet::Markdown.new(CustomRender.new(safe_links_only: true))

Thanks for reporting and sorry for the late answer ! 😊

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bquorning @robin850 @jbdietrich @mhelmetag