HTML5 elements in Markdown? about formatize HOT 9 CLOSED

Truly sorry for this late reply! It's probably too late, but I didn't want to just close the issue.

RedCloth has very limited configurability. It supports the flags described in the docs and that's pretty much it.

If this is non-user input you could try the :safe flag, which marks the input as safe and thus skips escaping all together. Use with caution.

Again, truly sorry.

from formatize.

Thanks so much for looking into this. I know the maintainer of Redcloth, I'll see if I can pester him at the next Philly.rb meeting and get some HTML5 love happening. I didn't realize you were using Redcloth internally.

Walter

from formatize.

Jason posted to twitter the following links:

https://t.co/XZ4bqEoT to fix this in the Redcloth 4 branch

https://t.co/DTLlwa1D to fix it in Redcloth-parslet, which will become Redcloth 5 as soon as it's baked.

from formatize.

As I understand it, there are two options until RedCloth 5 is released:

1. Add HTML5 tags to BASIC_TAGS.
2. Use clean_html prior to parsing, overriding the default allowed_tags argument. Then pass the :safe flag to RedCloth, to avoid re-escaping.

Right?

from formatize.

That sounds plausible. I hadn't thought of the second of these, it sounds even nicer than monkey-patching the BASIC_TAGS constant. Jason has opened a ticket to make this even easier going forward. Follow Lighthouse ticket http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/244-allow-customizing-sanitization-whitelist-without-a-monkey-patch for updates...

Walter

On Feb 29, 2012, at 1:16 PM, David Trasbo wrote:

As I understand it, there are two options until RedCloth 5 is released:

1. Add HTML5 tags to BASIC_TAGS.
2. Use clean_html prior to parsing, overriding the default allowed_tags argument. Then pass the :safe flag to RedCloth, to avoid re-escaping.

Right?

---

Reply to this email directly or view it on GitHub:
#5 (comment)

from formatize.

Good!

textilize actually uses the sanitize helper from Rails unless you pass the :safe option, which RedCloth doesn't understand. The default behavior of RedCloth is to let everything slip through, but the used-to-be Rails helper toggles that behavior.

The point is, even if we do patch RedCloth to allow HTML5 it won't take effect unless the :safe option is passed to textilize to bypass Rails' sanitization.

The Rails sanitizer seems more extensive to me, so a better solution could be to configure sanitize to allow HTML5 tags, as described in its docs.

from formatize.

I can't seem to find a definitive list of the whitelisted elements in the docs. Considering the scaffold generator uses HTML5, it would be odd if those elements weren't on the list.

Walter

On Feb 29, 2012, at 1:50 PM, David Trasbo wrote:

Good!

textilize actually uses the sanitize helper from Rails unless you pass the :safe option, which RedCloth doesn't understand. The default behavior of RedCloth is to let everything slip through, but the used-to-be Rails helper toggles that behavior.

The point is, even if we do patch RedCloth to allow HTML5 it won't take effect unless the :safe option is passed to textilize to bypass Rails' sanitization.

The Rails sanitizer seems more extensive to me, so a better solution could be to configure sanitize to allow HTML5 tags, as described in its docs.

---

Reply to this email directly or view it on GitHub:
#5 (comment)

from formatize.

The whitelist definition.

Demonstrating in the console that HTML5 is escaped:

helper.sanitize('<article></article>')
=> ""

from formatize.

I chose to add a note regarding customization of sanitize to the readme.

Closing this for now.

from formatize.