Closed samnabi closed 7 years ago
Text is parsed as Markdown. message().
Oh, my mistake. I noticed my smartypants settings (curly quotes, etc.) weren't being applied to the comment text. I thought markdown handled that. It turns out kirbytext()
is the function that parses through smartypants.
Would you consider using kirbytext()
instead of markdown()
in the message()
function?
kirbytext()
is dangerous, as you are able to access custom kirbytext extensions when writing a comment.
It would expand the commenter's ability to insert inline YouTube videos, or properly obfuscated email addresses. I don't think this is inherently dangerous.
On second thought, this does add a degree of complexity and site owners might not realize that their commenters can use kirbytags.
How about just running the smartypants filter after markdown()
: https://github.com/getkirby/kirby/blob/fe9d8c5e70a3d73a41e3f3e10cb0fb62fc3a2611/core/kirbytext.php#L55
Some thoughts:
Applying smartypants is a good for English websites, but it may be an issue when writing comments in different languages. I think it’s best to offer smartypants as an option.
Smartypants settings can be applied per-language: https://forum.getkirby.com/t/is-it-possible-to-change-options-for-smartypants-dependent-on-the-language/1940
I will add an option for smartypants (default: enabled), so that it can be disabled for certain languages.
It doesn't look like this plugin takes advantage of the built-in markdown parser.