Top Level Namespace

Defined Under Namespace

Modules: MarkdownIt, MotionMarkdownIt, SimpleIDN Classes: HTMLEntities, Integer, String

Constant Summary

CONFIG =

Main parser class


{
  # Maps a preset name to the option set returned by that preset module's
  # `options` method.
  default: MarkdownIt::Presets::Default.options,
  zero: MarkdownIt::Presets::Zero.options,
  commonmark: MarkdownIt::Presets::Commonmark.options
}
BAD_PROTO_RE =

This validator can prohibit more than really needed to prevent XSS. It’s a tradeoff to keep code simple and to be secure by default.

If you need a different setup, override the validator method as you wish, or replace it with a dummy function and use an external sanitizer.

# Deny-list of URL schemes: a string matching this pattern is rejected by the
# validator lambda unless GOOD_DATA_RE matches it as well.
# NOTE(review): in Ruby `^` anchors at the start of every line, not only at the
# start of the string, so a listed scheme that follows an embedded newline is
# matched too. For a deny-list that errs on the side of rejecting.
/^(vbscript|javascript|file|data):/
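# Allow-list exception to BAD_PROTO_RE: `data:` URLs that declare one of the
# listed image MIME types (gif, png, jpeg, webp) are accepted by the validator.
#
# Anchored with `\A` (start of string). Ruby's `^` also matches after any
# newline, so with `^` a multi-line string whose first line carries a denied
# scheme could still satisfy this allow-list through a later line. The
# validator only strips leading/trailing whitespace, so the anchor must not
# depend on the input being a single line.
GOOD_DATA_RE =
/\Adata:image\/(gif|png|jpeg|webp);/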
lambda do |url|
  # Link validator: returns true when `url` may be used, false otherwise.
  #
  # The caller is expected to pass a URL that is already normalized and has
  # its entities decoded. Only leading/trailing whitespace is removed here;
  # characters inside the string are left as they are.
  candidate = url.strip.downcase

  # No denied scheme: accept.
  return true if (BAD_PROTO_RE =~ candidate).nil?

  # Denied scheme: accept only when the image `data:` allow-list matches too.
  !(GOOD_DATA_RE =~ candidate).nil?
end
# Schemes whose hostname is re-coded by the normalizer lambdas. Entries are
# compared against the parsed protocol, so each keeps its trailing colon.
RECODE_HOSTNAME_FOR = ["http:", "https:", "mailto:"]
lambda do |url|
  # Parses `url`, passes its hostname through SimpleIDN.to_ascii when the
  # scheme is absent or listed in RECODE_HOSTNAME_FOR, then re-formats the
  # parsed URL and returns it run through MDUrl::Encode.encode.
  parsed = MDUrl::Url.urlParse(url, true)

  # Hostnames are encoded in urls like:
  # `http://host/`, `https://host/`, `mailto:user@host`, `//host/`
  #
  # Unknown schemes are skipped, because we would likely encode something we
  # shouldn't (e.g. `skype:name` treated as `skype:host`).
  recode_host = parsed.hostname &&
                (!parsed.protocol || RECODE_HOSTNAME_FOR.include?(parsed.protocol))

  if recode_host
    begin
      # Remember a trailing dot so it can be re-appended after conversion.
      had_trailing_dot = parsed.hostname.end_with?('.')
      parsed.hostname  = SimpleIDN.to_ascii(parsed.hostname)
      parsed.hostname << '.' if had_trailing_dot
    rescue
      # Best effort: on any StandardError keep whatever hostname is set at
      # that point.
      # NOTE(review): the failure is silent, so a hostname that cannot be
      # converted is passed on unconverted.
    end
  end

  MDUrl::Encode.encode(MDUrl::Format.format(parsed))
end
lambda do |url|
  # Parses `url`, passes its hostname through SimpleIDN.to_unicode when the
  # scheme is absent or listed in RECODE_HOSTNAME_FOR, then re-formats the
  # parsed URL and returns it run through MDUrl::Decode.decode.
  #
  # NOTE(review): the result carries a Unicode hostname, which can contain
  # visually confusable characters. It looks intended for display; confirm
  # that allow-listing and comparisons use the ASCII form instead.
  parsed = MDUrl::Url.urlParse(url, true)

  # Hostnames are decoded in urls like:
  # `http://host/`, `https://host/`, `mailto:user@host`, `//host/`
  #
  # Unknown schemes are skipped, because we would likely recode something we
  # shouldn't (e.g. `skype:name` treated as `skype:host`).
  recode_host = parsed.hostname &&
                (!parsed.protocol || RECODE_HOSTNAME_FOR.include?(parsed.protocol))

  if recode_host
    begin
      # Remember a trailing dot so it can be re-appended after conversion.
      had_trailing_dot = parsed.hostname.end_with?('.')
      parsed.hostname  = SimpleIDN.to_unicode(parsed.hostname)
      parsed.hostname << '.' if had_trailing_dot
    rescue
      # Best effort: on any StandardError keep whatever hostname is set at
      # that point.
    end
  end

  MDUrl::Decode.decode(MDUrl::Format.format(parsed))
end