Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tagfilter extension is not applied #15

Open
gadenbuie opened this issue Dec 28, 2020 · 2 comments
Open

Tagfilter extension is not applied #15

gadenbuie opened this issue Dec 28, 2020 · 2 comments

Comments

@gadenbuie
Copy link

I may be misunderstanding the prescribed usage of the tagfilter extension, but it doesn't seem to be working.

library(commonmark)

markdown_commonmark("<title><style></style></title>", extensions = "tagfilter")
#> [1] "<title><style></style></title>\n"
markdown_html("<title><style></style></title>", extensions = "tagfilter")
#> [1] "<title><style></style></title>\n"

In both cases, the spec indicates that we should expect

"&lt;title>&lt;style></style></title>\n"
Session info 
devtools::session_info()
#> ─ Session info ───────────────────────────────────────────────────────────────
#>  setting  value                                      
#>  version  R version 3.6.3 Patched (2020-04-28 r79534)
#>  os       macOS  10.16                               
#>  system   x86_64, darwin15.6.0                       
#>  ui       X11                                        
#>  language (EN)                                       
#>  collate  en_US.UTF-8                                
#>  ctype    en_US.UTF-8                                
#>  tz       America/New_York                           
#>  date     2020-12-28                                 
#> 
#> ─ Packages ───────────────────────────────────────────────────────────────────
#>  package     * version    date       lib source                            
#>  assertthat    0.2.1      2019-03-21 [1] standard (@0.2.1)                 
#>  callr         3.5.1      2020-10-13 [1] standard (@3.5.1)                 
#>  cli           2.2.0      2020-11-20 [1] standard (@2.2.0)                 
#>  commonmark  * 1.7        2018-12-01 [1] standard (@1.7)                   
#>  crayon        1.3.4      2017-09-16 [1] standard (@1.3.4)                 
#>  desc          1.2.0      2018-05-01 [1] standard (@1.2.0)                 
#>  devtools      2.3.2      2020-09-18 [1] standard (@2.3.2)                 
#>  digest        0.6.27     2020-10-24 [1] standard (@0.6.27)                
#>  ellipsis      0.3.1      2020-05-15 [1] standard (@0.3.1)                 
#>  evaluate      0.14       2019-05-28 [1] standard (@0.14)                  
#>  fansi         0.4.1      2020-01-08 [1] standard (@0.4.1)                 
#>  fs            1.5.0      2020-07-31 [1] standard (@1.5.0)                 
#>  glue          1.4.2      2020-08-27 [1] standard (@1.4.2)                 
#>  highr         0.8        2019-03-20 [1] standard (@0.8)                   
#>  htmltools     0.5.0.9003 2020-12-04 [1] Github (rstudio/htmltools@d18bd8e)
#>  knitr         1.30       2020-09-22 [1] standard (@1.30)                  
#>  lifecycle     0.2.0      2020-03-06 [1] standard (@0.2.0)                 
#>  magrittr      2.0.1      2020-11-17 [1] standard (@2.0.1)                 
#>  memoise       1.1.0      2017-04-21 [1] standard (@1.1.0)                 
#>  pkgbuild      1.1.0      2020-07-13 [1] standard (@1.1.0)                 
#>  pkgload       1.1.0      2020-05-29 [1] standard (@1.1.0)                 
#>  prettyunits   1.1.1      2020-01-24 [1] standard (@1.1.1)                 
#>  processx      3.4.4      2020-09-03 [1] standard (@3.4.4)                 
#>  ps            1.4.0      2020-10-07 [1] standard (@1.4.0)                 
#>  purrr         0.3.4      2020-04-17 [1] standard (@0.3.4)                 
#>  R6            2.5.0      2020-10-28 [1] standard (@2.5.0)                 
#>  remotes       2.2.0      2020-07-21 [1] standard (@2.2.0)                 
#>  rlang         0.4.9      2020-11-26 [1] standard (@0.4.9)                 
#>  rmarkdown     2.5        2020-10-21 [1] standard (@2.5)                   
#>  rprojroot     2.0.2      2020-11-15 [1] standard (@2.0.2)                 
#>  sessioninfo   1.1.1      2018-11-05 [1] standard (@1.1.1)                 
#>  stringi       1.5.3      2020-09-09 [1] standard (@1.5.3)                 
#>  stringr       1.4.0      2019-02-10 [1] standard (@1.4.0)                 
#>  testthat      3.0.0      2020-10-31 [1] standard (@3.0.0)                 
#>  usethis       2.0.0.9000 2020-12-10 [1] Github (r-lib/usethis@f96bf2e)    
#>  withr         2.3.0      2020-09-22 [1] standard (@2.3.0)                 
#>  xfun          0.19       2020-10-30 [1] standard (@0.19)                  
#>  yaml          2.2.1      2020-02-01 [1] standard (@2.2.1)                 
#> 
#> [1] /Library/Frameworks/R.framework/Versions/3.6/Resources/library
@yihui
Copy link

yihui commented Oct 20, 2022

I just discovered this problem, too.

@jeroen
Copy link
Member

jeroen commented Oct 21, 2022

Hmm thanks. I'll look into it. I think maybe this feature conflicts with some other options that we need to enable for rmarkdown, such as CMARK_OPT_UNSAFE

commonmark/src/wrapper.c

Lines 68 to 69 in 7d90807

/* Prevent filtering embedded resources: https://github.com/github/cmark-gfm#security */
options += CMARK_OPT_UNSAFE;

From the manual page:

Security
By default, the library will scrub raw HTML and potentially dangerous links (javascript:, vbscript:, data:, file:).
To allow these, use the option CMARK_OPT_UNSAFE (or --unsafe) with the command line program.

@jeroen jeroen mentioned this issue Oct 21, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yihui @jeroen @gadenbuie