Closed DouweKoopmans closed 8 years ago
don't know why coveralls says the coverage went up, i haven't written any tests yet
I have added one commit to the PR. This commit addresses issues related to static state. In Devhub we provide dependecies through dependency injection. Static access is considered a bad practise. This commit
addresses that problem, and provides the PegDownParser
and MarkDownParser
by DI.
Concurrent access to the PegDownParser
is prevented by binding it to the RequestScope
.
No synchronized access is needed, so we keep our concurrency high.
As the TemplateEngine
was accessed as a singleton, and it depends on the PegDownParser
,
access to the TemplateEngine
had to be transformed to RequestScoped
, which is done
by using Guice Providers
.
This implementation suffers from the problem that Pegdown also escapes HTML code, but only within code blocks. Therefore code blocks are now escaped twice, resulting in strange output. We should however run the request over an escaper, as Pegdown only escapes code blocks, and this would make us vulnerable to XSS.
The ideal way to have objects that write to the Freemarker output is to use a directive.
This commit implements such a directive on the existing Markdown parser object.
With this change, [#noescape]
tags around the Markdown blocks are no longer required.
Furthermore, we do not need the BeansWrapper
anymore.
The current syntax is:
[@MarkDownParser message=comment.content/]
Now lets keep an eye on the duplicate escaping issue. Imho no show stopper, as most people will put Java code in the code blocks in our use case anyway.
unfortunately quotation marks are being escaped, so this creates weird output when working with java strings.
Ah thats a shame... Maybe we should fix Pegdown?
fixes #149