[zeppelin] branch master updated: ZEPPELIN-5746: Add support for escaping html in markdown (#4375)

jongyoul Fri, 03 Jun 2022 06:49:29 -0700

This is an automated email from the ASF dual-hosted git repository.

jongyoul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zeppelin.git



The following commit(s) were added to refs/heads/master by this push:
     new d22723bd92 ZEPPELIN-5746: Add support for escaping html in markdown 
(#4375)
d22723bd92 is described below

commit d22723bd92a8c4e87206bc70970faf7f649fd56e
Author: Lee <peter...@apache.org>
AuthorDate: Fri Jun 3 21:48:49 2022 +0800

    ZEPPELIN-5746: Add support for escaping html in markdown (#4375)
    
    This is implemented by flexmark. A new configuration is also added, and
    this configuration is turned on by default.
---
 .../apache/zeppelin/markdown/FlexmarkParser.java    |  3 +++
 .../zeppelin/markdown/FlexmarkParserTest.java       | 21 +++++++++++++++++++++
 .../apache/zeppelin/conf/ZeppelinConfiguration.java |  5 +++++
 3 files changed, 29 insertions(+)

diff --git 
a/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java 
b/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java
index 6dcbdebe92..911a094bfc 100644
--- a/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java
+++ b/markdown/src/main/java/org/apache/zeppelin/markdown/FlexmarkParser.java
@@ -28,6 +28,7 @@ import com.vladsch.flexmark.util.ast.Node;
 import com.vladsch.flexmark.html.HtmlRenderer;
 import com.vladsch.flexmark.parser.Parser;
 import com.vladsch.flexmark.util.data.MutableDataSet;
+import org.apache.zeppelin.conf.ZeppelinConfiguration;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -44,6 +45,7 @@ public class FlexmarkParser implements MarkdownParser {
   private HtmlRenderer renderer;
 
   public FlexmarkParser() {
+    ZeppelinConfiguration zConf = ZeppelinConfiguration.create();
     MutableDataSet options = new MutableDataSet();
     options.set(Parser.EXTENSIONS, 
Arrays.asList(StrikethroughExtension.create(),
             TablesExtension.create(),
@@ -54,6 +56,7 @@ public class FlexmarkParser implements MarkdownParser {
             EmojiExtension.create()));
     options.set(HtmlRenderer.SOFT_BREAK, "<br />\n");
     options.set(EmojiExtension.USE_IMAGE_TYPE, UNICODE_ONLY);
+    options.set(HtmlRenderer.ESCAPE_HTML, 
zConf.isZeppelinNotebookMarkdownEscapeHtml());
     parser = Parser.builder(options).build();
     renderer = HtmlRenderer.builder(options).build();
   }
diff --git 
a/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java 
b/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java
index 7b60613843..a379f09b88 100644
--- 
a/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java
+++ 
b/markdown/src/test/java/org/apache/zeppelin/markdown/FlexmarkParserTest.java
@@ -223,5 +223,26 @@ public class FlexmarkParserTest {
     // Do not activate, because this test depends on 
www.websequencediagrams.com
     //assertTrue(containsImg);
   }
+
+  @Test
+  public void testEscapeHtml() {
+    String input =
+            new StringBuilder()
+                    .append("This is\n")
+                    .append("<script 
type=\"text/javascript\">alert(1);</script>\n")
+                    .append("<div onclick='alert(2)'>this is div</div>\n")
+                    .toString();
+
+    String expected =
+            new StringBuilder()
+                    .append("<p>This is</p>\n")
+                    .append("<p>&lt;script 
type=&quot;text/javascript&quot;&gt;" +
+                            "alert(1);&lt;/script&gt;</p>\n")
+                    .append("<p>&lt;div &gt;this is div&lt;/div&gt;</p>\n")
+                    .toString();
+
+    InterpreterResult result = md.interpret(input, null);
+    assertEquals(wrapWithMarkdownClassDiv(expected), 
result.message().get(0).getData());
+  }
 }
 
diff --git 
a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
 
b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
index 985a82d9f7..6b97a1d64c 100644
--- 
a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
+++ 
b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/conf/ZeppelinConfiguration.java
@@ -761,6 +761,10 @@ public class ZeppelinConfiguration {
     return getString(ConfVars.ZEPPELIN_NOTEBOOK_CRON_FOLDERS);
   }
 
+  public boolean isZeppelinNotebookMarkdownEscapeHtml() {
+    return getBoolean(ConfVars.ZEPPELIN_NOTEBOOK_MARKDOWN_ESCAPE_HTML);
+  }
+
   public Boolean isZeppelinNotebookCollaborativeModeEnable() {
     return getBoolean(ConfVars.ZEPPELIN_NOTEBOOK_COLLABORATIVE_MODE_ENABLE);
   }
@@ -1079,6 +1083,7 @@ public class ZeppelinConfiguration {
             true),
     ZEPPELIN_NOTEBOOK_CRON_ENABLE("zeppelin.notebook.cron.enable", false),
     ZEPPELIN_NOTEBOOK_CRON_FOLDERS("zeppelin.notebook.cron.folders", null),
+    
ZEPPELIN_NOTEBOOK_MARKDOWN_ESCAPE_HTML("zeppelin.notebook.markdown.escape.html",
 true),
     ZEPPELIN_PROXY_URL("zeppelin.proxy.url", null),
     ZEPPELIN_PROXY_USER("zeppelin.proxy.user", null),
     ZEPPELIN_PROXY_PASSWORD("zeppelin.proxy.password", null),

[zeppelin] branch master updated: ZEPPELIN-5746: Add support for escaping html in markdown (#4375)

Reply via email to