search

yuin / goldmark

:trophy: A markdown parser written in Go. Easy to extend, standard(CommonMark) compliant, well structured.
MIT License
3.68k stars 255 forks source link

backslash in image "alt" attribute #456

Closed JohannesKaufmann closed 4 months ago

JohannesKaufmann commented 4 months ago

Goldmark is a really solid library, thanks a lot for making it!

This bug is not really important, the user won't really notice. But it differs from the CommonMark implementation, so I wanted to report it nevertheless.

Background

First, I learned that an unescaped backtick in the image alt could (accidentally) trigger an inline code. By escaping the backtick, the markdown renders correctly (see Screenshot 1).

goldmark_1

However the behaviour of the CommonMark Demo and Goldmark differ. In Goldmark the \ backslash stays in the rendered html (see Screenshot 2).

goldmark_2

This causes the backslash to unexpectedly render in the browser (see Screenshot 3).

goldmark_3

Steps to Reproduce

source := []byte("![\\`alt](https://example.com/img.png)")

var buf bytes.Buffer
if err := goldmark.Convert(source, &buf); err != nil {
  panic(err)
}

fmt.Println(buf.String())
// Got:       <p><img src="https://example.com/img.png" alt="\`alt"></p>
// Expected:  <p><img src="https://example.com/img.png" alt="`alt" /></p>
  1. What version of goldmark are you using? : v1.7.2
  2. What version of Go are you using? : 1.21
  3. What operating system and processor architecture are you using? : MacOS ARM