Unable to filter html

[aleemb]

I tried the following but the HTML tags aren't being filtered.

$options = array("autolink"=>true, "tables"=>true, "filter_html"=>true);
$renderer = new \Sundown\Render\Base($options);
$md = new \Sundown\Markdown($renderer);

// outputs <strong>foo</strong>
$html = $md->render("<strong>foo</strong>");

Also tried another way but to no avail:

$md = new \Sundown\Markdown($renderer, ["filter_html"=>true]);

Am I missing something?

[aleemb]

I may have over-simplified the test case. The following is the test-case that doesn't filter the HTML:

// outputs <div style="font-weight: bold">testing</div>
$html = $md->render("<div style="font-weight: bold">testing</div>");

[chobie]

Hi, @aleemb

\Sundown\Render\Base does not support any options. in you case, please use \Sundown\Render\HTML or \Sundown\Render\XHTML.

<?php
$options = array("autolink"=>true, "tables"=>true, "filter_html"=>true);
$renderer = new \Sundown\Render\HTML($options);
$md = new \Sundown\Markdown($renderer);

// outputs <strong>foo</strong>
$html = $md->render("<strong>foo</strong>");
echo $html;
# this will outputs
# <p>foo</p>

[aleemb]

I ran into issues with the following case:

$html = $md->render('<div><b>hello</b></div>');
// <div><b>hello</b></div>

Basically, I don't want to allow any HTML. I'd like to be able to strip HTML and all content within. Right now I was able to enter much larger fragments of HTML (anything inside a block level element). For user-input I think it's best not to trust any HTML within it as most sites do. Currently I am doing this in preprocess using regex but am hoping there is a faster way since this is such a common use-case.

[chobie]

ah, sorry. I found a bug. let me fix it

[aleemb]

Also possibly related to this, I tried returning an empty string from blockHTML callback but input of <div>b>hello</b></div> produced output of hello. I would have expected the output to be empty. Not sure if this is the correct behavior or not for blockHTML but it appears to be working only only the tags but excludes the innerHTML.

I am very grateful to you for such an awesome project, thanks very much.

[chobie]

@aleemb I've made some mistakes regarding filter_html, no_images, and no_links render flags. I'll push sundown to PECL in this weekend as I want to add more test cases.