diff --git a/pkg/richtext/main_test.go b/pkg/richtext/main_test.go new file mode 100644 index 000000000..7c7dd8a3e --- /dev/null +++ b/pkg/richtext/main_test.go @@ -0,0 +1,47 @@ +// Vikunja is a to-do list application to facilitate your life. +// Copyright 2018-present Vikunja and contributors. All rights reserved. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package richtext + +import ( + "os" + "testing" + + "code.vikunja.io/api/pkg/db" + "code.vikunja.io/api/pkg/log" + "code.vikunja.io/api/pkg/user" +) + +// TestMain bootstraps a test DB with user fixtures so the mention-resolution +// tests can look up real users. The pure converter tests don't touch the DB. +func TestMain(m *testing.M) { + log.InitLogger() + + x, err := db.CreateTestEngine() + if err != nil { + log.Fatal(err) + } + + if err := x.Sync2(user.GetTables()...); err != nil { + log.Fatal(err) + } + + if err := db.InitTestFixtures("users"); err != nil { + log.Fatal(err) + } + + os.Exit(m.Run()) +} diff --git a/pkg/richtext/markdowntohtml.go b/pkg/richtext/markdowntohtml.go new file mode 100644 index 000000000..2617de4ec --- /dev/null +++ b/pkg/richtext/markdowntohtml.go @@ -0,0 +1,76 @@ +// Vikunja is a to-do list application to facilitate your life. +// Copyright 2018-present Vikunja and contributors. All rights reserved. +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package richtext + +import ( + "bytes" + "fmt" + "strings" + + "github.com/yuin/goldmark" + "github.com/yuin/goldmark/extension" + "xorm.io/xorm" +) + +// markdownConverter renders GFM but never enables html.WithUnsafe() — raw HTML in +// the markdown stays inert, so the only active markup is what goldmark emits. This +// is what stops user-supplied markdown from smuggling in scripts. +var markdownConverter = goldmark.New( + goldmark.WithExtensions(extension.GFM), +) + +// MarkdownToHTML converts GFM Markdown to canonical rich-text HTML, rewriting task +// lists into TipTap's