script tags are filtered in blackfriday MarkdownCommon

[philips]

Filing this bug because I don't know what approach I should take. Currently blackfriday filters out script tags which is annoying since speakerdeck uses script tags to embed their slides.

There are two possible fixes:

• Unconditionally disable script tag filtering
• Make it some sort of config.json thing

Here is the line of code that is causing this:

https://github.com/theplant/blackfriday/blob/master/markdown.go#L239

[spf13]

Does the shortcode approach work?

See how I did it on spf13.com http://github.com/spf13/spf13.com

Steve Francia spf13.com @spf13

On Jan 18, 2014, at 10:25 PM, Brandon Philips notifications@github.com wrote:

Filing this bug because I don't know what approach I should take. Currently blackfriday filters out script tags which is annoying since speakerdeck uses script tags to embed their slides.

There are two possible fixes:

Unconditionally disable script tag filtering Make it some sort of config.json thing Here is the line of code that is causing this:

https://github.com/theplant/blackfriday/blob/master/markdown.go#L239

— Reply to this email directly or view it on GitHub.

[philips]

@spf13 The shortcode is getting filtered too. I am guessing it comes into the pipeline before markdown rendering.

[philips]

@spf13 I should clarify that I made the shortcode output a div instead of a script and the div doesn't get filtered.

[spf13]

Ah, it does. I’ve thought about another approach to short codes that avoid any rendering. Something like [[% shortcode %]] instead. 

Would that do it?

We could also explore the options you suggested. 

Best, Steve

--  Steve Francia http://stevefrancia.com http://spf13.com http://twitter.com/spf13

On January 19, 2014 at 3:40:47 PM, Brandon Philips (notifications@github.com) wrote:

@spf13 I should clarify that I made the shortcode output a div instead of a script and the div doesn't get filtered.

— Reply to this email directly or view it on GitHub.

[philips]

@spf13 You could use the shortcode file extension. .md shortcodes get put in before markdown rendering, .html gets put in after markdown rendering.

[philips]

The [[%%]] suggestion works too but it we might already have the metadata via the file extension.

[spf13]

I’ve thought of that, but that puts the decision on the short code author, rather than the user. The user would know better if the input would need escaping or not (especially in the case of the .inner short codes). 

I don’t think I’ve thought through it thoroughly enough yet though. 

Best, Steve

--  Steve Francia http://stevefrancia.com http://spf13.com http://twitter.com/spf13

On January 19, 2014 at 3:47:07 PM, Steve Francia (steve.francia@gmail.com) wrote:

Ah, it does. I’ve thought about another approach to short codes that avoid any rendering. Something like [[% shortcode %]] instead. 

Would that do it?

We could also explore the options you suggested. 

Best, Steve

--  Steve Francia http://stevefrancia.com http://spf13.com http://twitter.com/spf13

On January 19, 2014 at 3:40:47 PM, Brandon Philips (notifications@github.com) wrote:

@spf13 I should clarify that I made the shortcode output a div instead of a script and the div doesn't get filtered.

— Reply to this email directly or view it on GitHub.

[spf13]

I believe I've sorted this out with the latest contributions to head. Blackfriday (our markdown library) has added the ability to ignore scripts. The latest commits utilize this feature. Can you confirm this works for you. Additionally if you could add a test case to confirm that would prevent any issues in the future.

[yinghau76]

It seems that this issue still happen on the latest version. All script tags in markdown and shortcodes will get filtered.

[github-actions[bot]]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.