This is an automated email from the ASF dual-hosted git repository. jongyoul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/zeppelin.git
The following commit(s) were added to refs/heads/master by this push: new d22723bd92 ZEPPELIN-5746: Add support for escaping html in markdown (#4375) d22723bd92 is described below commit d22723bd92a8c4e87206bc70970faf7f649fd56e Author: Lee <peter...@apache.org> AuthorDate: Fri Jun 3 21:48:49 2022 +0800 ZEPPELIN-5746: Add support for escaping html in markdown (#4375) This is implemented by flexmark. A new configuration is also added, and this configuration is turned on by default. --- .../apache/zeppelin/markdown/FlexmarkParser.java | 3 +++ .../zeppelin/markdown/FlexmarkParserTest.java | 21 +++++++++++++++++++++ .../apache/zeppelin/conf/ZeppelinConfiguration.java | 5 +++++ 3 files changed, 29 insertions(+) diff --git a/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java b/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java index 6dcbdebe92..911a094bfc 100644 --- a/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java +++ b/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java @@ -28,6 +28,7 @@ import com.vladsch.flexmark.util.ast.Node; import com.vladsch.flexmark.html.HtmlRenderer; import com.vladsch.flexmark.parser.Parser; import com.vladsch.flexmark.util.data.MutableDataSet; +import org.apache.zeppelin.conf.ZeppelinConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -44,6 +45,7 @@ public class FlexmarkParser implements MarkdownParser { private HtmlRenderer renderer; public FlexmarkParser() { + ZeppelinConfiguration zConf = ZeppelinConfiguration.create(); MutableDataSet options = new MutableDataSet(); options.set(Parser.EXTENSIONS, Arrays.asList(StrikethroughExtension.create(), TablesExtension.create(), 
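Review bot: The constructor hunk calls `ZeppelinConfiguration.create()` directly, so the escape flag is read from whatever configuration is visible in the JVM that instantiates `FlexmarkParser`. Nothing in the hunk shows that this matches the server's site configuration if the markdown interpreter runs in a separate process. If the property cannot be resolved there, the getter presumably falls back to the enum default, which is the safe `true`, but an operator's explicit setting could be ignored without any sign of it. Consider taking the flag as a constructor argument and keeping the no-arg form as a delegate, `public FlexmarkParser() { this(ZeppelinConfiguration.create().isZeppelinNotebookMarkdownEscapeHtml()); }`, which also lets tests cover both values. The constructor body continues past this hunk.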
@@ -54,6 +56,7 @@ public class FlexmarkParser implements MarkdownParser { EmojiExtension.create())); options.set(HtmlRenderer.SOFT_BREAK, "<br />\n"); options.set(EmojiExtension.USE_IMAGE_TYPE, UNICODE_ONLY); + options.set(HtmlRenderer.ESCAPE_HTML, zConf.isZeppelinNotebookMarkdownEscapeHtml()); parser = Parser.builder(options).build(); renderer = HtmlRenderer.builder(options).build(); } diff --git a/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java b/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java index 7b60613843..a379f09b88 100644 --- a/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java +++ b/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java @@ -223,5 +223,26 @@ public class FlexmarkParserTest { // Do not activate, because this test depends on www.websequencediagrams.com //assertTrue(containsImg); } + + @Test + public void testEscapeHtml() { + String input = + new StringBuilder() + .append("This is\n") + .append("<script type=\"text/javascript\">alert(1);</script>\n") + .append("<div onclick='alert(2)'>this is div</div>\n") + .toString(); + + String expected = + new StringBuilder() + .append("<p>This is</p>\n") + .append("<p><script type="text/javascript">" + + "alert(1);</script></p>\n") + .append("<p><div >this is div</div></p>\n") + .toString(); + + InterpreterResult result = md.interpret(input, null); + assertEquals(wrapWithMarkdownClassDiv(expected), result.message().get(0).getData()); + } } diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java index 985a82d9f7..6b97a1d64c 100644 --- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java +++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java 
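Review bot: The `options.set(HtmlRenderer.ESCAPE_HTML, ...)` line is, as far as this hunk shows, the control that keeps raw HTML in notebook markdown from reaching the viewer's browser, yet it carries no comment saying so. I would add above it `// Security control: when false, raw HTML in markdown (including <script> and event-handler attributes) is emitted as-is to everyone who opens the note.` Because the value is operator-controlled, logging once at WARN when it resolves to false would make an unsafe deployment visible in the logs. The logger field and the rest of the constructor are outside this hunk.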
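Review bot: `testEscapeHtml` only exercises the default-on path through the shared `md` instance, so nothing pins the behaviour when `zeppelin.notebook.markdown.escape.html` is false. A regression that ignored the property would still pass; a second test that builds the parser with escaping disabled would cover this and document the unsafe mode. The expected string for the `<div>` line also drops the `onclick='alert(2)'` attribute instead of showing it escaped, which escaping alone would not explain. A short comment naming the step that removes it would help, for example `// onclick is stripped by <sanitizing step>, not by ESCAPE_HTML`. The expected literals appear entity-decoded as rendered on this page, so check them against the repository source.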
@@ -761,6 +761,10 @@ public class ZeppelinConfiguration { return getString(ConfVars.ZEPPELIN_NOTEBOOK_CRON_FOLDERS); } + public boolean isZeppelinNotebookMarkdownEscapeHtml() { + return getBoolean(ConfVars.ZEPPELIN_NOTEBOOK_MARKDOWN_ESCAPE_HTML); + } + public Boolean isZeppelinNotebookCollaborativeModeEnable() { return getBoolean(ConfVars.ZEPPELIN_NOTEBOOK_COLLABORATIVE_MODE_ENABLE); } @@ -1079,6 +1083,7 @@ public class ZeppelinConfiguration { true), ZEPPELIN_NOTEBOOK_CRON_ENABLE("zeppelin.notebook.cron.enable", false), ZEPPELIN_NOTEBOOK_CRON_FOLDERS("zeppelin.notebook.cron.folders", null), + ZEPPELIN_NOTEBOOK_MARKDOWN_ESCAPE_HTML("zeppelin.notebook.markdown.escape.html", true), ZEPPELIN_PROXY_URL("zeppelin.proxy.url", null), ZEPPELIN_PROXY_USER("zeppelin.proxy.user", null), ZEPPELIN_PROXY_PASSWORD("zeppelin.proxy.password", null),
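Review bot: The new `zeppelin.notebook.markdown.escape.html` entry in `ConfVars` is security-relevant, but the diffstat lists only three Java files, so the property is apparently not added to the site configuration template or the configuration docs. Operators therefore have no description of what disabling it exposes. Because it defaults to `true`, existing notes that rely on raw HTML in markdown paragraphs will presumably render that HTML as text after an upgrade, which deserves a release note. On the getter in the first hunk I would add `/** Whether raw HTML in markdown paragraphs is escaped before rendering (default true); disable only when every note author is trusted. */`. Both enclosing classes extend beyond these hunks.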