-
Notifications
You must be signed in to change notification settings - Fork 29k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add MarkdownString.supportsHtml api proposal #132182
Conversation
// If we want to allow markdown permitted tags, then we can delete sanitizer and sanitize. | ||
// We always pass the output through insane after this so that we don't rely on | ||
// marked for sanitization. | ||
markedOptions.sanitizer = (html: string): string => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexr00 Are you aware of any extensions besides GitHub PR that use spans in markdown? Would Github PR be able to adopt supportHtml
so that we can remove our customize sanitizer here?
} | ||
} | ||
|
||
appendText(value: string, newlineStyle: MarkdownStringTextNewlineStyle = MarkdownStringTextNewlineStyle.Paragraph): MarkdownString { | ||
this.value += escapeMarkdownSyntaxTokens(this.supportThemeIcons ? escapeIcons(value) : value) | ||
.replace(/([ \t]+)/g, (_match, g1) => ' '.repeat(g1.length)) | ||
.replace(/^>/gm, '\\>') | ||
.replace(/\>/gm, '\\>') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👯
} | ||
} | ||
|
||
appendText(value: string, newlineStyle: MarkdownStringTextNewlineStyle = MarkdownStringTextNewlineStyle.Paragraph): MarkdownString { | ||
this.value += escapeMarkdownSyntaxTokens(this.supportThemeIcons ? escapeIcons(value) : value) | ||
.replace(/([ \t]+)/g, (_match, g1) => ' '.repeat(g1.length)) | ||
.replace(/^>/gm, '\\>') | ||
.replace(/\>/gm, '\\>') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Fixes #40607 This change introduces a new `supportsHtml` property on `MarkdownString` that can be used to enable rendering of a safe subset of tags and attributes inside of markdown strings For backwards compatibility, `supportsHtml` will default to false and must be explicitly enabled by extensions This PR will need to go in after we adopt dompurify (#131950) which should provide better control over how we actually go about sanitizing rendered html
d007982
to
76dd95b
Compare
Would this change (or dompurify PR) make it easier to support more styling properties on Properties like |
Not really. If we want to support a subset of css styles, we'd need a good css sanitizer as well. Right now we only support one or two a very specific style strings |
For #40607
This change introduces a new
supportsHtml
property onMarkdownString
that can be used to enable rendering of a safe subset of tags and attributes inside of markdown stringsFor backwards compatability,
supportsHtml
will default to false and must be explicitly enabled by extensionsThis PR will need to go in after we adopt dompurify (#131950) which should provide better control over how we actually go about sanitizing rendered html