Markdown 1.1.2

Warning! We have not performed any code-review or testing of this addon. Use it at your own risk.
Author
a_magical_me
Version
1.1.2 
Released
July 2006
Downloads
1954

Requirements

Requires
Vanilla 1

Other Requirements (if any):

Comments

  • Uploaded version 1.1.2 of Markdown.

  • This extension doesn't allow the usage of inline HTML, while Markdown should. HTML tags are being parsed as plain text. Is there a way to fix this?

  • This is excellent but is it possible to restrict which tags can be used? Ideally I'd like to block headers and rules.

  • Yes, HTML is stripped by the extension, for security purposes. I believe the ideal setup would be to chain this formatter with the Kses formatter so that the post passes through them both.

  • I'd really appreciate it if you could tell me how to allow HTML in this extension.

  • You'd have to replace line 18 ($String = $this->ProtectString($String);) with some other function that strips out potentially harmful HTML.

    I'd recommend copying kses.php inside the markdown folder, then add include('kses.php'); just after the dictionary definition, and change line 18 to be $String = kses($String, array());

    This would also give you some kind of tag policy, where you could put a list of HTML tags and attributes you want to allow in the array if Kses blocks them.

  • Great extension! Just two tiny points:

    1. I notice that the Markdown StringFormatter doesn't call StringFormatter's ParseChildren() to give any child formatters a chance to work their magic.
    2. Since you are supposed to be able to enter HTML tags in Markdown, why not parse the document through the HTML StringFormatter, if that plugin is present?


    The following patch will achieve both these aims:

    --- default.php.orig 2009-03-13 15:57:59.000000000 +0000<br />+++ default.php 2009-03-19 12:52:39.000000000 +0000<br />@@ -17,13 +17,21 @@<br /> class MarkdownFormatter extends StringFormatter {<br /> function Parse($String, $Object, $FormatPurpose) {<br /> if ($FormatPurpose == FORMAT_STRING_FOR_DISPLAY) {<br />- $String = $this->ProtectString($String);<br />- return Markdown($String);<br />+ if( isset( $Object->Context->StringManipulator->Formatters[ "Html" ] ) ) {<br />+ $String = Markdown( $String );<br />+ $String = $Object->Context->StringManipulator->Formatters[ "Html" ]->Execute( $String, true );<br />+ }<br />+ else {<br />+ $String = $this->EscapeHtml( $String );<br />+ $String = Markdown( $String );<br />+ }<br />+ $String = $this->ParseChildren($String, $Object, $FormatPurpose);<br />+ return $String;<br /> } else {<br /> return $String;<br /> }<br /> }<br />- function ProtectString ($String) {<br />+ function EscapeHtml ($String) {<br /> //$String = str_replace("<", "&lt;", $String);<br /> // $String = str_replace(">", "&gt;", $String);<br /> $String = explode("\n", $String);
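
    Review bot: In the `isset( ... Formatters[ "Html" ] )` branch the input goes into Markdown() without passing through EscapeHtml(), so the Html formatter's Execute() is the only filter on that path, and its second argument (`true`) only has an effect once Execute() accepts it. Note that dependency in a comment and keep the EscapeHtml() branch as the fallback whenever the two-argument Execute() is not in place. ParseChildren() is also called after the filtering step in both branches, so anything a child formatter emits is not filtered; say so in a comment or move the call ahead of the filter.
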
    There is a problem with this though. The HTML formatter, by default, is set to convert newlines to <br/> tags. This makes the output of the HTML formatter look screwed up (spread out over far too many lines). There are two ways to fix this.

    First, you could turn off the HTML formatter's HTML_CONVERT_NEWLINES option at the top of HtmlFomatter/default.php plugin. I don't like this solution though, cause I want the HTML formatter to convert newlines. The second solution is to apply this patch to the HTML formatter, so that we can specify that the HTML formatter should only parse and not do formatting:

    --- default.php.orig 2009-03-19 13:02:20.000000000 +0000<br />+++ default.php 2009-03-19 13:04:46.000000000 +0000<br />@@ -111,7 +111,7 @@<br /> $this->TagArray = &$GLOBALS['Html_TagArray'];<br /> }<br /><br />- function Execute($String)<br />+ function Execute($String, $ParseOnly)<br /> {<br /> $this->TagArray = array('normal' => array(), 'extraclosing' => array());<br /> $String = str_replace(chr(0), ' ', $String);<br />@@ -172,7 +172,7 @@<br /> $sReturn<br /> );<br /><br />- if(HTML_CONVERT_NEWLINES)<br />+ if(HTML_CONVERT_NEWLINES && !$ParseOnly)<br /> $sReturn = str_replace(<br /> array("\r\n", "\r", "\n"),<br /> '<br />',<br />@@ -389,7 +389,7 @@<br /><br /> function Parse($String, $Object, $FormatPurpose)<br /> {<br />- if($FormatPurpose == FORMAT_STRING_FOR_DISPLAY) $sReturn = $this->Execute($String);<br />+ if($FormatPurpose == FORMAT_STRING_FOR_DISPLAY) $sReturn = $this->Execute($String, false);<br /> else $sReturn = $String;<br /><br /> return $this->ParseChildren($sReturn, $Object, $FormatPurpose);
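
    Review bot: In the first hunk, `function Execute($String, $ParseOnly)` makes the new parameter mandatory, so any caller still written as `Execute($String)` gets a missing-argument warning, or an ArgumentCountError from PHP 7.1 on. Declare it as `$ParseOnly = false`; the change to Parse() in the third hunk is then unnecessary and existing callers keep their current behaviour.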

  • @WallPhone: kses.php is unsuitable for these purposes for two reasons:

    1. It is no longer maintained, and
    2. it is only a simple filter; it will not remove malicious close tags (for example)

  • Warning: it is simple to insert malicious code with this plugin as is. The inbuilt sanitiser only sanitises tags that aren't in code blocks. Unfortunately, it doesn't always get it right as to what is and isn't a code block, thus letting through HTML tags which Markdown doesn't then escape (which it would if they were in a code block). So some additional sanitiser is required.
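
The "additional sanitiser" and "tag policy" discussed in the comments above, sketched as an allowlist filter that runs on the HTML Markdown() returns rather than on the raw post. This is an added example, not code from the extension or from any commenter; `$policy`, `filter_node()` and `sanitize_rendered_html()` are hypothetical names, and it assumes PHP 5.3.6 or later with the DOM extension.

```php
<?php
// Added example. $policy is a hypothetical allowlist (tag => permitted attributes).
// Headers and <hr> are not listed, so they are reduced to plain text.
$policy = array(
    'p' => array(), 'br' => array(), 'em' => array(), 'strong' => array(),
    'ul' => array(), 'ol' => array(), 'li' => array(), 'blockquote' => array(),
    'pre' => array(), 'code' => array(), 'a' => array('href', 'title'),
);

function filter_node(DOMNode $node, array $policy) {
    // Copy the child list first: the loop modifies the live NodeList.
    foreach (iterator_to_array($node->childNodes) as $child) {
        if ($child instanceof DOMText) continue;        // text is escaped on output
        if (!($child instanceof DOMElement)) { $node->removeChild($child); continue; }
        $tag = strtolower($child->nodeName);
        if (!isset($policy[$tag])) {
            // Unlisted element: keep only its text content, as a text node.
            $node->replaceChild($node->ownerDocument->createTextNode($child->textContent), $child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            // href must also start with an explicitly permitted scheme or path.
            $ok = in_array($name, $policy[$tag], true)
                && ($name !== 'href' || preg_match('~^(https?://|mailto:|/|#)~i', $attr->nodeValue));
            if (!$ok) $child->removeAttribute($attr->nodeName);
        }
        filter_node($child, $policy);
    }
}

function sanitize_rendered_html($html, array $policy) {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // malformed markup only raises warnings
    $doc->loadHTML('<?xml encoding="UTF-8"><body>' . $html);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) return '';
    filter_node($body, $policy);
    $out = '';
    foreach ($body->childNodes as $child) $out .= $doc->saveHTML($child);
    return $out;
}

// Constructed sample standing in for the return value of Markdown($String).
$rendered = '<p>hi <em>there</em></span></p><script>alert(1)</script>'
          . '<h1>big</h1><a href="javascript:x" onclick="y()">link</a>';
echo sanitize_rendered_html($rendered, $policy), "\n";
```

Because the output is re-serialised from a parsed tree, unmatched close tags cannot survive as markup, and text that Markdown escaped inside code blocks is escaped again on the way out.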
