markdown tables, sanitize mode off unless collaboration active

This commit is contained in:
Matthew Scragg 2013-10-10 12:26:42 -05:00
parent ccbf8336ea
commit 19cca8f0d6
5 changed files with 20 additions and 20 deletions

View file

@ -102,7 +102,7 @@ def validate_captcha():
def format_subdomain(s): def format_subdomain(s):
s = s.lower() s = s.lower()
s = to_canonical(s) s = to_canonical(s)
if s in ['www']: if s in ['www', 'api']:
# Not allowed # Not allowed
s = "" s = ""
return s return s
@ -145,6 +145,7 @@ def create_app(subdomain=None):
'vendor/components-bootstrap/js/bootstrap.js', 'vendor/components-bootstrap/js/bootstrap.js',
'vendor/handlebars/handlebars.js', 'vendor/handlebars/handlebars.js',
'vendor/showdown/src/showdown.js', 'vendor/showdown/src/showdown.js',
'vendor/showdown/src/extensions/table.js',
'js/wmd.js', 'js/wmd.js',
filters='closure_js'), filters='closure_js'),
'js/html-sanitizer-minified.js', 'js/html-sanitizer-minified.js',

View file

@ -458,17 +458,7 @@ $(function(){
.html('') // unnecessary? .html('') // unnecessary?
.html(md); .html(md);
refreshWordCount(); //refreshWordCount();
}
function refreshWordCount(selectionCount){
var msg = "Words: ";
if (selectionCount !== undefined) {
msg += selectionCount + " of ";
}
if (profile.wordcount) {
$wordcounter.text(msg + countWords(getTextInElement($preview[0])));
}
} }
/** /**

View file

@ -32,7 +32,7 @@ WMD.convert = function(content, options) {
var doc = {raw: content, markdown: content}; var doc = {raw: content, markdown: content};
var opt = WMD.readOptions(options); var opt = WMD.readOptions(options);
WMD.preprocess(doc, opt); WMD.preprocess(doc, opt);
doc.html = WMD.processor(doc.markdown); doc.html = WMD.processor(doc.markdown, true);
WMD.postprocess(doc, opt); WMD.postprocess(doc, opt);
doc.toString = function () { doc.toString = function () {
return doc.html; return doc.html;
@ -52,8 +52,8 @@ function gsub(str, re, fn, /*optional*/newstr) {
} }
return newstr + str; return newstr + str;
} }
WMD.showdown = new Showdown.converter({extensions: ['table']});
WMD.processor = new Showdown.converter().makeHtml; WMD.processor = WMD.showdown.makeHtml;
WMD.preprocessors = { WMD.preprocessors = {

View file

@ -508,9 +508,13 @@ end;i++){var str=grafs[i];if(str.search(/~K(\d+)K/g)>=0)grafsOut.push(str);else
return text};var _EncodeEmailAddress=function(addr){var encode=[function(ch){return"&#"+ch.charCodeAt(0)+";"},function(ch){return"&#x"+ch.charCodeAt(0).toString(16)+";"},function(ch){return ch}];addr="mailto:"+addr;addr=addr.replace(/./g,function(ch){if(ch=="@")ch=encode[Math.floor(Math.random()*2)](ch);else if(ch!=":"){var r=Math.random();ch=r>0.9?encode[2](ch):r>0.45?encode[1](ch):encode[0](ch)}return ch});addr='<a href="'+addr+'">'+addr+"</a>";addr=addr.replace(/">.+:/g,'">');return addr};var _UnescapeSpecialChars= return text};var _EncodeEmailAddress=function(addr){var encode=[function(ch){return"&#"+ch.charCodeAt(0)+";"},function(ch){return"&#x"+ch.charCodeAt(0).toString(16)+";"},function(ch){return ch}];addr="mailto:"+addr;addr=addr.replace(/./g,function(ch){if(ch=="@")ch=encode[Math.floor(Math.random()*2)](ch);else if(ch!=":"){var r=Math.random();ch=r>0.9?encode[2](ch):r>0.45?encode[1](ch):encode[0](ch)}return ch});addr='<a href="'+addr+'">'+addr+"</a>";addr=addr.replace(/">.+:/g,'">');return addr};var _UnescapeSpecialChars=
function(text){text=text.replace(/~E(\d+)E/g,function(wholeMatch,m1){var charCodeToReplace=parseInt(m1);return String.fromCharCode(charCodeToReplace)});return text};var _Outdent=function(text){text=text.replace(/^(\t|[ ]{1,4})/gm,"~0");text=text.replace(/~0/g,"");return text};var _Detab=function(text){text=text.replace(/\t(?=\t)/g," ");text=text.replace(/\t/g,"~A~B");text=text.replace(/~B(.+?)~A/g,function(wholeMatch,m1,m2){var leadingText=m1;var numSpaces=4-leadingText.length%4;for(var i=0;i< function(text){text=text.replace(/~E(\d+)E/g,function(wholeMatch,m1){var charCodeToReplace=parseInt(m1);return String.fromCharCode(charCodeToReplace)});return text};var _Outdent=function(text){text=text.replace(/^(\t|[ ]{1,4})/gm,"~0");text=text.replace(/~0/g,"");return text};var _Detab=function(text){text=text.replace(/\t(?=\t)/g," ");text=text.replace(/\t/g,"~A~B");text=text.replace(/~B(.+?)~A/g,function(wholeMatch,m1,m2){var leadingText=m1;var numSpaces=4-leadingText.length%4;for(var i=0;i<
numSpaces;i++)leadingText+=" ";return leadingText});text=text.replace(/~A/g," ");text=text.replace(/~B/g,"");return text};var escapeCharacters=function(text,charsToEscape,afterBackslash){var regexString="(["+charsToEscape.replace(/([\[\]\\])/g,"\\$1")+"])";if(afterBackslash)regexString="\\\\"+regexString;var regex=new RegExp(regexString,"g");text=text.replace(regex,escapeCharacters_callback);return text};var escapeCharacters_callback=function(wholeMatch,m1){var charCodeToEscape=m1.charCodeAt(0); numSpaces;i++)leadingText+=" ";return leadingText});text=text.replace(/~A/g," ");text=text.replace(/~B/g,"");return text};var escapeCharacters=function(text,charsToEscape,afterBackslash){var regexString="(["+charsToEscape.replace(/([\[\]\\])/g,"\\$1")+"])";if(afterBackslash)regexString="\\\\"+regexString;var regex=new RegExp(regexString,"g");text=text.replace(regex,escapeCharacters_callback);return text};var escapeCharacters_callback=function(wholeMatch,m1){var charCodeToEscape=m1.charCodeAt(0);
return"~E"+charCodeToEscape+"E"}};if(typeof module!=="undefined")module.exports=Showdown;if(typeof define==="function"&&define.amd)define("showdown",function(){return Showdown});function escapeHtml(s){s=""+s;s=s.replace(/&/g,"&amp;");s=s.replace(/</g,"&lt;");s=s.replace(/>/g,"&gt;");s=s.replace(/"/g,"&quot;");s=s.replace(/'/g,"&#39;");return s}var WMD={}; return"~E"+charCodeToEscape+"E"}};if(typeof module!=="undefined")module.exports=Showdown;if(typeof define==="function"&&define.amd)define("showdown",function(){return Showdown});
WMD.convert=function(content,options){var doc={raw:content,markdown:content};var opt=WMD.readOptions(options);WMD.preprocess(doc,opt);doc.html=WMD.processor(doc.markdown);WMD.postprocess(doc,opt);doc.toString=function(){return doc.html};return doc};function gsub(str,re,fn,newstr){newstr=newstr||"";var match=re.exec(str);if(match){newstr+=str.slice(0,match.index);newstr+=fn.apply(null,match);remaining=str.slice(match.index+match[0].length);return gsub(remaining,re,fn,newstr)}return newstr+str} (function(){var table=function(converter){var tables={},style="",filter;tables.th=function(header){if(header.trim()==="")return"";var id=header.trim().replace(/ /g,"_").toLowerCase();return'<th id="'+id+'" style="'+style+'">'+header+"</th>"};tables.td=function(cell){return'<td style="'+style+'">'+converter.makeHtml(cell)+"</td>"};tables.ths=function(){var out="",i=0,hs=[].slice.apply(arguments);for(i;i<hs.length;i+=1)out+=tables.th(hs[i])+"\n";return out};tables.tds=function(){var out="",i=0,ds=[].slice.apply(arguments);
WMD.processor=(new Showdown.converter).makeHtml; for(i;i<ds.length;i+=1)out+=tables.td(ds[i])+"\n";return out};tables.thead=function(){var out,i=0,hs=[].slice.apply(arguments);out="<thead>\n";out+="<tr>\n";out+=tables.ths.apply(this,hs);out+="</tr>\n";out+="</thead>\n";return out};tables.tr=function(){var out,i=0,cs=[].slice.apply(arguments);out="<tr>\n";out+=tables.tds.apply(this,cs);out+="</tr>\n";return out};filter=function(text){var i=0,lines=text.split("\n"),tbl=[],line,hs,rows,out=[];for(i;i<lines.length;i+=1){line=lines[i];if(line.trim().match(/^[|]{1}.*[|]{1}$/)){line=
line.trim();tbl.push('<table class="table table-bordered">');hs=line.substring(1,line.length-1).split("|");tbl.push(tables.thead.apply(this,hs));line=lines[++i];if(!line.trim().match(/^[|]{1}[-=| ]+[|]{1}$/))line=lines[--i];else{line=lines[++i];tbl.push("<tbody>");while(line.trim().match(/^[|]{1}.*[|]{1}$/)){line=line.trim();tbl.push(tables.tr.apply(this,line.substring(1,line.length-1).split("|")));line=lines[++i]}tbl.push("</tbody>");tbl.push("</table>");out.push(tbl.join("\n"));tbl=[];continue}}out.push(line)}return out.join("\n")};
return[{type:"lang",filter:filter}]};if(typeof window!=="undefined"&&window.Showdown&&window.Showdown.extensions)window.Showdown.extensions.table=table;if(typeof module!=="undefined")module.exports=table})();function escapeHtml(s){s=""+s;s=s.replace(/&/g,"&amp;");s=s.replace(/</g,"&lt;");s=s.replace(/>/g,"&gt;");s=s.replace(/"/g,"&quot;");s=s.replace(/'/g,"&#39;");return s}var WMD={};
WMD.convert=function(content,options){var doc={raw:content,markdown:content};var opt=WMD.readOptions(options);WMD.preprocess(doc,opt);doc.html=WMD.processor(doc.markdown,true);WMD.postprocess(doc,opt);doc.toString=function(){return doc.html};return doc};
function gsub(str,re,fn,newstr){newstr=newstr||"";var match=re.exec(str);if(match){newstr+=str.slice(0,match.index);newstr+=fn.apply(null,match);remaining=str.slice(match.index+match[0].length);return gsub(remaining,re,fn,newstr)}return newstr+str}WMD.showdown=new Showdown.converter({extensions:["table"]});WMD.processor=WMD.showdown.makeHtml;
WMD.preprocessors={underscores:function(doc){doc.markdown=gsub(doc.markdown,/(^(?! {4}|\t)\w+_\w+_\w[\w_]*)/,function(match){var count=0;for(var i=0;i<match.length;i++)if(match[i]=="_")count++;if(count===2)return match.replace(/_/g,"\\_");return match});return doc},metadata:function(doc){var key;var lines=doc.markdown.split("\n");doc.metadata={};while(lines.length){var match=/^(\S+):\s+(.*)$/.exec(lines[0]);if(match){var key=match[1];doc.metadata[key]=match[2];lines.shift()}else{var continued_value= WMD.preprocessors={underscores:function(doc){doc.markdown=gsub(doc.markdown,/(^(?! {4}|\t)\w+_\w+_\w[\w_]*)/,function(match){var count=0;for(var i=0;i<match.length;i++)if(match[i]=="_")count++;if(count===2)return match.replace(/_/g,"\\_");return match});return doc},metadata:function(doc){var key;var lines=doc.markdown.split("\n");doc.metadata={};while(lines.length){var match=/^(\S+):\s+(.*)$/.exec(lines[0]);if(match){var key=match[1];doc.metadata[key]=match[2];lines.shift()}else{var continued_value=
/^\s+(.+)$/.exec(lines[0]);if(/^\s*$/.exec(lines[0]))lines.shift();else if(continued_value&&key){doc.metadata[key]+="\n"+continued_value[1];lines.shift()}else break}}doc.markdown=lines.join("\n");return doc},fencedCodeBlocksHighlightJS:function(doc){var re1=/```([A-Za-z]+)\s*([\s\S]+?)```/;var re2=/```\s*([\s\S]+?)```/;var block;while(block=re1.exec(doc.markdown)||re2.exec(doc.markdown)){var pre;if(block.length===3){pre='<pre style="padding:0;"><code class="'+escapeHtml(block[1])+'">';if(block[1]in /^\s+(.+)$/.exec(lines[0]);if(/^\s*$/.exec(lines[0]))lines.shift();else if(continued_value&&key){doc.metadata[key]+="\n"+continued_value[1];lines.shift()}else break}}doc.markdown=lines.join("\n");return doc},fencedCodeBlocksHighlightJS:function(doc){var re1=/```([A-Za-z]+)\s*([\s\S]+?)```/;var re2=/```\s*([\s\S]+?)```/;var block;while(block=re1.exec(doc.markdown)||re2.exec(doc.markdown)){var pre;if(block.length===3){pre='<pre style="padding:0;"><code class="'+escapeHtml(block[1])+'">';if(block[1]in
hljs.LANGUAGES)pre+=hljs.highlight(block[1],block[2]).value;else pre+=escapeHtml(block[2]);pre+="</code></pre>"}else pre='<pre style="padding:0;"><code class="no-highlight">'+escapeHtml(block[1])+"</code></pre>";doc.markdown=doc.markdown.substr(0,block.index)+pre+doc.markdown.substr(block.index+block[0].length)}return doc}};WMD.postprocessors={}; hljs.LANGUAGES)pre+=hljs.highlight(block[1],block[2]).value;else pre+=escapeHtml(block[2]);pre+="</code></pre>"}else pre='<pre style="padding:0;"><code class="no-highlight">'+escapeHtml(block[1])+"</code></pre>";doc.markdown=doc.markdown.substr(0,block.index)+pre+doc.markdown.substr(block.index+block[0].length)}return doc}};WMD.postprocessors={};

View file

@ -8,6 +8,7 @@
$("#start-togetherjs").click(function(){ $("#start-togetherjs").click(function(){
$(this).prop('disabled', true).html("Loading"); $(this).prop('disabled', true).html("Loading");
}); });
MDR.sanitize = false;
}); });
TogetherJSConfig_toolName = "Collaboration"; TogetherJSConfig_toolName = "Collaboration";
TogetherJSConfig_suppressJoinConfirmation = true; TogetherJSConfig_suppressJoinConfirmation = true;
@ -21,10 +22,11 @@
TogetherJSConfig_on_ready = function () { TogetherJSConfig_on_ready = function () {
MDR.sanitize = true; MDR.sanitize = true;
$("#preview").html('');
$("#start-togetherjs").addClass('btn-danger').html('End Collaboration').prop('disabled', false); $("#start-togetherjs").addClass('btn-danger').html('End Collaboration').prop('disabled', false);
}; };
TogetherJSConfig_on_close = function () { TogetherJSConfig_on_close = function () {
MDR.sanitize = null; MDR.sanitize = false;
$("#start-togetherjs").removeClass('btn-danger').html('Collaborate').prop('disabled', false); $("#start-togetherjs").removeClass('btn-danger').html('Collaborate').prop('disabled', false);
}; };
@ -50,7 +52,10 @@
<div id="app-wrap" class="container-fluid"> <div id="app-wrap" class="container-fluid">
<div id="app-controls" class="row"> <div id="app-controls" class="row">
<div class="col-xs-3"> <div class="col-xs-3">
<input id="page-name" type="text" class="form-control input-sm" name="name" placeholder="Name" value="{{- name -}}" /> <div class="input-group">
<span class="input-group-addon btn-info input-sm">realms.io/</span>
<input id="page-name" type="text" class="form-control input-sm" name="name" placeholder="Name" value="{{- name -}}" />
</div>
</div> </div>
<div class="col-xs-3"> <div class="col-xs-3">
<input id="page-message" type="text" class="form-control input-sm" name="page-message" placeholder="Comment" value="" /> <input id="page-message" type="text" class="form-control input-sm" name="page-message" placeholder="Comment" value="" />