[gnome-builder] Markdown preview: HTML-escape inline Markdown source and move to (hidden) DOM element to properly en



commit 0d0fe79471add57704f405369d1eac29051d9ae1
Author: GN <gnome nuclearsunshine com>
Date:   Wed Jul 1 22:03:26 2020 +0000

    Markdown preview: HTML-escape inline Markdown source and move to (hidden) DOM element to properly 
encapsulate.

 src/plugins/html-preview/css/markdown.css    |  4 ++++
 src/plugins/html-preview/html_preview.py     | 27 +++++++++++++++------------
 src/plugins/html-preview/js/markdown-view.js |  2 +-
 3 files changed, 20 insertions(+), 13 deletions(-)
---
diff --git a/src/plugins/html-preview/css/markdown.css b/src/plugins/html-preview/css/markdown.css
index 6085db2c5..fba61e2d6 100644
--- a/src/plugins/html-preview/css/markdown.css
+++ b/src/plugins/html-preview/css/markdown.css
@@ -955,3 +955,7 @@
 .markdown-body .pl-12 {
   padding-left: 128px!important;
 }
+
+.markdown-source {
+  display: none;
+}
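Review bot: The new rule selects a class, `.markdown-source`, but the template added to html_preview.py in this same commit creates the element as `<div id="markdown-source">`, so as written the rule matches nothing. Either change the selector to `#markdown-source { display: none; }` or give the div `class="markdown-source"`. Because that div sits inside `#preview`, the raw Markdown text would presumably be shown as page content until preview() replaces it on load.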
diff --git a/src/plugins/html-preview/html_preview.py b/src/plugins/html-preview/html_preview.py
index f6c3e31ce..6160d38a7 100644
--- a/src/plugins/html-preview/html_preview.py
+++ b/src/plugins/html-preview/html_preview.py
@@ -21,8 +21,8 @@
 
 import builtins
 import gi
+import html
 import io
-import json
 import locale
 import os
 import shutil
@@ -434,25 +434,28 @@ class HtmlPreviewPage(Ide.Page):
         self.webview = None
 
     def get_markdown(self, text):
-        params = (HtmlPreviewData.MARKDOWN_CSS.get_data().decode('UTF-8'),
-                  json.dumps(text),
-                  HtmlPreviewData.MARKED_JS.get_data().decode('UTF-8'),
-                  HtmlPreviewData.MARKDOWN_VIEW_JS.get_data().decode('UTF-8'))
-
-        return """
+        markdown_css = HtmlPreviewData.MARKDOWN_CSS.get_data().decode('UTF-8')
+        escaped_markdown = html.escape(text)
+        marked_js = HtmlPreviewData.MARKED_JS.get_data().decode('UTF-8')
+        markdown_view_js = HtmlPreviewData.MARKDOWN_VIEW_JS.get_data().decode('UTF-8')
+        template = """
 <html>
  <head>
-  <style>%s</style>
-  <script>var str=%s;</script>
-  <script>%s</script>
-  <script>%s</script>
+  <style>{markdown_css}</style>
+  <script>{marked_js}</script>
+  <script>{markdown_view_js}</script>
  </head>
  <body onload="preview()">
   <div class="markdown-body" id="preview">
+  <div id="markdown-source">{escaped_markdown}</div>
   </div>
  </body>
 </html>
-""" % params
+"""
+        return template.format(markdown_css=markdown_css,
+                               escaped_markdown=escaped_markdown,
+                               marked_js=marked_js,
+                               markdown_view_js=markdown_view_js)
 
     def get_rst(self, text, path):
         return publish_string(text,
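Review bot: get_markdown has no docstring or comment recording the assumption the new embedding relies on: `html.escape(text)` is sufficient only because `{escaped_markdown}` is placed in element content. I would add above that line `# Escaped for element content only; markdown-view.js reads it back as text. Do not move into <script> or <style>.` The comment should also say that the escaping protects the embedding step only, since whatever HTML marked() produces from the text is still assigned to innerHTML in markdown-view.js. The hunk ends inside get_rst, which is not reviewed here.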
diff --git a/src/plugins/html-preview/js/markdown-view.js b/src/plugins/html-preview/js/markdown-view.js
index 80e32dd86..285a35f02 100644
--- a/src/plugins/html-preview/js/markdown-view.js
+++ b/src/plugins/html-preview/js/markdown-view.js
@@ -10,5 +10,5 @@ marked.setOptions({
 });
 
 function preview(){
-    document.getElementById('preview').innerHTML = marked(str);
+    document.getElementById('preview').innerHTML = 
marked(document.getElementById('markdown-source').childNodes[0].nodeValue);
 }
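Review bot: `childNodes[0].nodeValue` reads only the first text node of `#markdown-source`. It throws when the document is empty, because the div then has no child nodes, and it may return a truncated source if the HTML parser splits a long text run into several nodes. `document.getElementById('markdown-source').textContent` handles both cases. Separately, the output of marked() is still written to `innerHTML`, so inline HTML in the previewed file reaches the page DOM unless the options passed to `marked.setOptions` (not visible in this hunk) or the WebView settings restrict it. A comment stating which of those the preview relies on would help.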

