Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unexpected url handling #403

Closed
3 tasks done
ThatFave opened this issue Jul 6, 2023 · 0 comments
Closed
3 tasks done

unexpected url handling #403

ThatFave opened this issue Jul 6, 2023 · 0 comments

Comments

@ThatFave
Copy link

ThatFave commented Jul 6, 2023

goldmark has https://github.com/yuin/goldmark/discussions in github.
You should post only issues here. Feature requests and questions should be posted at discussions.

  • goldmark is fully compliant with the CommonMark. Before submitting issue, you must read CommonMark spec and confirm your output is different from CommonMark online demo.
    • Extensions(Autolink without < >, Table, etc) are not part of CommonMark spec. You should confirm your output is different from other official renderers correspond with an extension.
  • goldmark is not dedicated for Hugo. If you are Hugo user and your issue was raised by your experience in Hugo, you should consider create issue at Hugo repository at first .

Please answer the following before submitting your issue:

  1. What version of goldmark are you using? : v1.5.4
  2. What version of Go are you using? : go version go1.20.5 linux/amd64
  3. What operating system and processor architecture are you using? : linux, amd64
  4. What did you do? : used this funtion to open a markdown file:
func openMD(filePath string) (string, *PostMeta, error) {
	content, err := os.ReadFile(filePath)
	if err != nil {
		return "", nil, err
	}

	md := goldmark.New(
		goldmark.WithExtensions(extension.GFM),
		goldmark.WithParserOptions(parser.WithAutoHeadingID()),
		goldmark.WithRendererOptions(),
	)

	var htmlOutput strings.Builder
	if err := md.Convert(content, &htmlOutput); err != nil {
		return "", nil, err
	}

	meta := &PostMeta{}
	meta.Title = "title not set"

	metaData, err := extractCustomMetadata(string(content))
	if err != nil {
		return "", nil, err
	}

	if err := parseCustomMetadata(metaData, meta); err != nil {
		return "", nil, err
	}

	meta.FirstParagraph = extractFirstParagraph(htmlOutput.String())

	return htmlOutput.String(), meta, nil
}
---
title: test
date: 2023-07-06 09-28-19 +0
categories: [DEV]
tags: [dev, server, ci, docker]
---

[Basic](javascript:alert('Basic'))
[CaseInsensitive](JaVaScRiPt:alert('CaseInsensitive'))
  1. What did you expect to see? : it being handled like [Basic](javascript:alert('Basic')) to not allow an alert
  2. What did you see instead? : this html:
[...]
<a href="">Basic</a>
<a href="JaVaScRiPt:alert('CaseInsensitive')">CaseInsensitive</a>
  1. Did you confirm your output is different from CommonMark online demo or other official renderer correspond with an extension?: the demo give this html:
[...]
<p><a href="javascript:alert('Basic')">Basic</a>
<a href="JaVaScRiPt:alert('CaseInsensitive')">CaseInsensitive</a></p>

I think goldmarks way of handling basic to be good, but it is not consistent. may be unintentional. full code: https://git.fave.lu/fave/blog
@yuin yuin closed this as completed in 254b9f8 Jul 23, 2023
persuader72 pushed a commit to persuader72/goldmark that referenced this issue Apr 19, 2024
@yuin @persuader72
Fix yuin#403, Fix yuin#406
0d4234b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ThatFave