Skip to content

Refactor solution webview to reuse markdown engine #224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 21, 2019
Merged

Refactor solution webview to reuse markdown engine #224

merged 7 commits into from
Mar 21, 2019

Conversation

Vigilans
Copy link
Contributor

Introduction

Details

  • Add link validator logic, making it support file:// protocal.
  • Enhanced indented code block highlight logic.
  • Correction of multiple unsupported alias of language(e.g. python3)
  • Completion of image url in solution markdown(e.g. /asset/... -> https://discuss.leetcode.com/asset/..., refer to this solution)

@Vigilans Vigilans requested a review from jdneo March 19, 2019 14:50
jdneo
jdneo requested changes Mar 20, 2019
View reviewed changes
src/webview/markdownEngine.ts Outdated
const validateLink: (link: string) => boolean = md.validateLink;
md.validateLink = (link: string): boolean => {
// support file:// protocal link
return validateLink(link) || link.startsWith("file:");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you explain more why we need the validator here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the routine adopted by built-in markdown exntesion's MarkdownEngine, I think it may enables us to validate local file link, which may be useful in local debugger.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok... Actually still not quite understand... I think it's a worth investigating topic. It's fine to leave it here in this PR...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Document from markdown-it:

MarkdownIt#validateLink(url)Boolean

Link validation function. CommonMark allows too much in links. By default we disable javascript:, vbscript:, file: schemas, and almost all data:... schemas except some embedded image types.

You can change this behaviour:

var md = require('markdown-it')();
// enable everything
md.validateLink = function () { return true; }

Since we will deal with local files in WebView, chances are that it will be helpful to enable file: link.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked into the source code, and found that it was made to prevent XSS attack. Here are some examples:

  • When parsing image and link:
    if (res.ok) {
      href = state.md.normalizeLink(res.str);
      if (state.md.validateLink(href)) {
        pos = res.pos;
      } else {
        href = '';
      }
    }

If validateLink does not pass, then href is screened out.

  • The same goes on for reference-link or auto link:
  href = state.md.normalizeLink(res.str);
  if (!state.md.validateLink(href)) { return false; }

So, it is indeed necessary to loose the restriction to allow file:// protocol.

@Vigilans
Copy link
Contributor Author

Vigilans commented Mar 20, 2019
edited
Loading

Now the markdown engine is fully decoupled with webviews with the help of env parameter:

const body: string = this.markdown.render(solution.body, {
    lang: this.solution.lang,
    host: "https://discuss.leetcode.com/",
});

jdneo
jdneo reviewed Mar 20, 2019
View reviewed changes
src/webview/markdownEngine.ts Outdated
const validateLink: (link: string) => boolean = md.validateLink;
md.validateLink = (link: string): boolean => {
// support file:// protocal link
return validateLink(link) || link.startsWith("file:");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok... Actually still not quite understand... I think it's a worth investigating topic. It's fine to leave it here in this PR...

jdneo
jdneo reviewed Mar 20, 2019
View reviewed changes
Copy link
Member

@jdneo jdneo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much much better. Just some small change requests.

Thank you!

@jdneo jdneo added this to the 0.13.2 milestone Mar 20, 2019
@jdneo jdneo merged commit 0552af2 into LeetCode-OpenSource:master Mar 21, 2019
@jdneo jdneo mentioned this pull request Mar 21, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdneo jdneo jdneo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.13.2
Development

Successfully merging this pull request may close these issues.
2 participants
@Vigilans @jdneo