search

r-lib / commonmark

High Performance CommonMark and Github Markdown Rendering in R
https://docs.ropensci.org/commonmark/
Other
88 stars 11 forks source link

Tagfilter extension is not applied #15

Open gadenbuie opened 3 years ago

gadenbuie commented 3 years ago

I may be misunderstanding the prescribed usage of the tagfilter extension, but it doesn't seem to be working.

library(commonmark)

markdown_commonmark("<title><style></style></title>", extensions = "tagfilter")
#> [1] "<title><style></style></title>\n"
markdown_html("<title><style></style></title>", extensions = "tagfilter")
#> [1] "<title><style></style></title>\n"

In both cases, the spec indicates that we should expect

"&lt;title>&lt;style></style></title>\n"
Session info ``` r devtools::session_info() #> ─ Session info ─────────────────────────────────────────────────────────────── #> setting value #> version R version 3.6.3 Patched (2020-04-28 r79534) #> os macOS 10.16 #> system x86_64, darwin15.6.0 #> ui X11 #> language (EN) #> collate en_US.UTF-8 #> ctype en_US.UTF-8 #> tz America/New_York #> date 2020-12-28 #> #> ─ Packages ─────────────────────────────────────────────────────────────────── #> package * version date lib source #> assertthat 0.2.1 2019-03-21 [1] standard (@0.2.1) #> callr 3.5.1 2020-10-13 [1] standard (@3.5.1) #> cli 2.2.0 2020-11-20 [1] standard (@2.2.0) #> commonmark * 1.7 2018-12-01 [1] standard (@1.7) #> crayon 1.3.4 2017-09-16 [1] standard (@1.3.4) #> desc 1.2.0 2018-05-01 [1] standard (@1.2.0) #> devtools 2.3.2 2020-09-18 [1] standard (@2.3.2) #> digest 0.6.27 2020-10-24 [1] standard (@0.6.27) #> ellipsis 0.3.1 2020-05-15 [1] standard (@0.3.1) #> evaluate 0.14 2019-05-28 [1] standard (@0.14) #> fansi 0.4.1 2020-01-08 [1] standard (@0.4.1) #> fs 1.5.0 2020-07-31 [1] standard (@1.5.0) #> glue 1.4.2 2020-08-27 [1] standard (@1.4.2) #> highr 0.8 2019-03-20 [1] standard (@0.8) #> htmltools 0.5.0.9003 2020-12-04 [1] Github (rstudio/htmltools@d18bd8e) #> knitr 1.30 2020-09-22 [1] standard (@1.30) #> lifecycle 0.2.0 2020-03-06 [1] standard (@0.2.0) #> magrittr 2.0.1 2020-11-17 [1] standard (@2.0.1) #> memoise 1.1.0 2017-04-21 [1] standard (@1.1.0) #> pkgbuild 1.1.0 2020-07-13 [1] standard (@1.1.0) #> pkgload 1.1.0 2020-05-29 [1] standard (@1.1.0) #> prettyunits 1.1.1 2020-01-24 [1] standard (@1.1.1) #> processx 3.4.4 2020-09-03 [1] standard (@3.4.4) #> ps 1.4.0 2020-10-07 [1] standard (@1.4.0) #> purrr 0.3.4 2020-04-17 [1] standard (@0.3.4) #> R6 2.5.0 2020-10-28 [1] standard (@2.5.0) #> remotes 2.2.0 2020-07-21 [1] standard (@2.2.0) #> rlang 0.4.9 2020-11-26 [1] standard (@0.4.9) #> rmarkdown 2.5 2020-10-21 [1] standard (@2.5) #> rprojroot 2.0.2 2020-11-15 [1] standard (@2.0.2) #> sessioninfo 1.1.1 2018-11-05 [1] standard (@1.1.1) #> stringi 1.5.3 2020-09-09 [1] standard (@1.5.3) #> stringr 1.4.0 2019-02-10 [1] standard (@1.4.0) #> testthat 3.0.0 2020-10-31 [1] standard (@3.0.0) #> usethis 2.0.0.9000 2020-12-10 [1] Github (r-lib/usethis@f96bf2e) #> withr 2.3.0 2020-09-22 [1] standard (@2.3.0) #> xfun 0.19 2020-10-30 [1] standard (@0.19) #> yaml 2.2.1 2020-02-01 [1] standard (@2.2.1) #> #> [1] /Library/Frameworks/R.framework/Versions/3.6/Resources/library ```
yihui commented 1 year ago

I just discovered this problem, too.

jeroen commented 1 year ago

Hmm thanks. I'll look into it. I think maybe this feature conflicts with some other options that we need to enable for rmarkdown, such as CMARK_OPT_UNSAFE https://github.com/r-lib/commonmark/blob/7d908079d06c6b5ffee2b6c35ff5f3409253278c/src/wrapper.c#L68-L69

From the manual page:

Security By default, the library will scrub raw HTML and potentially dangerous links (javascript:, vbscript:, data:, file:). To allow these, use the option CMARK_OPT_UNSAFE (or --unsafe) with the command line program.