jralph / twig-markdown

A simple extendable markdown extension for the php twig template engine.

License: MIT License

PHP 100.00%
twig-extension php twigbridge twig-markdown twig twig-filter twig-functions

twig-markdown's Introduction

Twig Markdown Extension

Updated for Twig 2.* - For Twig 1.* please use version 1.0.1

A simple and extendable twig extension for providing markdown filters, globals, tags and functions.

By default, this extension comes with ParsedownExtra, but this can easily be replaced with any markdown processor of your choice by implementing the provided interface and passing your new implementation into the extension.

Installation

You can simply install the extension package through composer.

composer require jralph/twig-markdown

You can also add the package and the version you want to your composer.json file.

"require": {
    "jralph/twig-markdown": "dev-master"
}

Setup With Twig

To use this extension with plain twig (without any additions such as TwigBridge for Laravel, which is covered below), you can simply do the following.

$twig = new Twig_Environment($loader);
$twig->addExtension(new Jralph\Twig\Markdown\Extension(
    new Jralph\Twig\Markdown\Parsedown\ParsedownExtraMarkdown
));

Setup With TwigBridge for Laravel 5

To use this plugin with TwigBridge for Laravel, it is just as easy, but you have multiple ways of adding the extension.

Via config/twigbridge.php

You can add the extension directly to the enabled section of the extensions array within the config/twigbridge.php file. (Note: for this file to exist, the config file must have been published with php artisan vendor:publish.)

'extensions' => [

    'enabled' => [
        // Other TwigBridge Extensions
        new Jralph\Twig\Markdown\Extension(
            new Jralph\Twig\Markdown\Parsedown\ParsedownExtraMarkdown
        ),
    ]

]

Via Twig Facade

You can also add the extension using the Twig facade that TwigBridge provides.

Twig::addExtension(new Jralph\Twig\Markdown\Extension(
    new Jralph\Twig\Markdown\Parsedown\ParsedownExtraMarkdown
));

You can add this code to your Laravel 5 install in any way you like, but we recommend using a service provider.

Security

Because any and all HTML is perfectly valid within Markdown, this package does not pre-sanitise input by default. It only pre-sanitises input where it is forced to (the tag functionality does this).

Take care when using the filter, function, or global with user input, as this could lead to XSS vulnerabilities. Generally speaking, you would want to strip <script> tags from any output as a bare minimum.

Provided Functionality

The Twig-Markdown extension provides globals, functions, filters and tags to assist you with your markdown processing.

Tag (Input Safe)

We also provide a handy tag for you to use if you want to write the markdown within a template.

{% markdown %}
    # Some Markdown

    This is some simple markdown content.
    
    {{ moreMarkdown }}
{% endmarkdown %}

NOTE: Tag input is sanitised automatically. The tag will not work with markdown that contains HTML.

Filter (Input Unsafe, No HTML Support)

Use just like any other twig filter.

{{ "# Some Markdown" | markdown }}
{{ markdownVariable | markdown }}

{% apply markdown %}
    # Some Markdown

    This is some simple markdown content.
    
    {{ moreMarkdown }}
{% endapply %}

NOTE: The above filter usage is unsafe. Filter input is not automatically sanitised. To sanitise this in the template, please use the escape filter like below.

{{ markdownVariable | escape | markdown }}

Function (Input Unsafe, HTML Support)

Use just like any other twig function.

{{ markdown("# Some Markdown") }}
{{ markdown(markdownVariable) }}

NOTE: The above function usage is unsafe. Function input is not automatically sanitised. To sanitise this in the template, please use the escape filter like below.

{{ markdown(markdownVariable | escape) }}

Global (Input Unsafe, HTML Support)

You can also use the global for direct access to the implementation of the MarkdownInterface contract.

{% autoescape false %}
    {{ markdown.parse("# Some Markdown") }}
    {{ markdown.parse(markdownVariable) }}
{% endautoescape %}

Note the use of {% autoescape false %}. Without this, the generated HTML will be escaped, which may or may not be what you are looking for. If you wish to escape the input but keep the HTML output, you can do so like below.

{% autoescape false %}
    {{ markdown.parse(markdownVariable | escape) }}
{% endautoescape %}

Using Another Processor

Want to use a processor other than ParsedownExtra? No problem!

Just implement the Jralph\Twig\Markdown\Contracts\MarkdownInterface contract, add it to the extension and you're away.

The contract requires the following methods:

  • parse($text);
    • This method should return the parsed $text.

Example using Michelf Markdown.

<?php
// MichelfMardown.php

use Jralph\Twig\Markdown\Contracts\MarkdownInterface;
use Michelf\Markdown;

class MichelfMardown implements MarkdownInterface {

    public function parse($text)
    {
        $markdown = new Markdown;

        return $markdown->transform($text);
    }

}

Now that you have the implementation set up, just add it to the twig extension.

// For plain twig.

$twig = new Twig_Environment($loader);
$twig->addExtension(new Jralph\Twig\Markdown\Extension(
    new MichelfMardown
));

// For TwigBridge

'extensions' => [

    'enabled' => [
        // Other TwigBridge Extensions
        new Jralph\Twig\Markdown\Extension(
            new MichelfMardown
        ),
    ]

]

// OR

Twig::addExtension(new Jralph\Twig\Markdown\Extension(
    new MichelfMardown
));

It's as simple as that!
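
The same contract can be used to address the concern in the Security section at the processor level. The following is an added example, not code from the twig-markdown project: the class name SafeParsedownExtraMarkdown is hypothetical, the contract is implemented as shown above (an untyped parse($text)), and it assumes Parsedown 1.7.0 or later, which provides setSafeMode().

```php
<?php
// Added example, not part of jralph/twig-markdown.
// Assumes composer packages jralph/twig-markdown and erusev/parsedown-extra,
// with Parsedown >= 1.7.0 (the release that introduced setSafeMode()).
require __DIR__ . '/vendor/autoload.php';

use Jralph\Twig\Markdown\Contracts\MarkdownInterface;
use Jralph\Twig\Markdown\Parsedown\ParsedownExtraMarkdown;

// Hypothetical class: a processor that never passes raw HTML through.
class SafeParsedownExtraMarkdown implements MarkdownInterface
{
    private $parser;

    public function __construct()
    {
        $this->parser = new ParsedownExtra();
        // Safe mode escapes raw HTML in the markdown source instead of emitting it.
        $this->parser->setSafeMode(true);
    }

    public function parse($text)
    {
        return $this->parser->text($text);
    }
}

// Constructed sample of user-supplied markdown that contains raw HTML.
$untrusted = "# Comment\n\nHello <script>alert(1)</script> *world*";

$default  = (new ParsedownExtraMarkdown())->parse($untrusted);
$hardened = (new SafeParsedownExtraMarkdown())->parse($untrusted);

echo "default:  ", $default, "\n";   // processor shipped with the package
echo "hardened: ", $hardened, "\n";  // raw HTML shown as text, markdown still rendered

// Regression checks: no live <script> element, emphasis still converted.
if (stripos($hardened, '<script') !== false) {
    throw new RuntimeException('raw HTML reached the output');
}
if (strpos($hardened, '<em>world</em>') === false) {
    throw new RuntimeException('markdown was not rendered');
}

// Register the hardened processor exactly like any other implementation.
$twig = new Twig_Environment(new Twig_Loader_Array([]));
$twig->addExtension(new Jralph\Twig\Markdown\Extension(new SafeParsedownExtraMarkdown()));
```

With this processor registered, the filter, function and global all go through the same escaping, so templates no longer depend on every call site remembering the escape filter.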

Contributing/Maintaining

I will do my best to keep this package up-to-date, but if you notice any bugs or would like to add a feature, please feel free to submit an issue on GitHub or submit a pull request with the change yourself.

twig-markdown's People

Contributors

ilkermutlu, jralph, nochso, rudloff, tip2tail

twig-markdown's Issues

Using single quotes in a tag

Hi! I found this while using the markdown tag:

{% markdown %}let's cause a parse error{% endmarkdown %}

will cause this error:

PHP Parse error: syntax error, unexpected 's' (T_STRING) in /home/amblin/dev/web/benchmark/vendor/twig/twig/lib/Twig/Environment.php(390) : eval()'d code on line 211

Apparently $content isn't escaped when being compiled by \Jralph\Twig\Markdown\Node.
I'm not that experienced in extending Twig, but couldn't you assign the node's data directly?

Displaying markdown from a .md file

Hi,

I have a twig view and some markdown files which contain twig variables, i.e. {{ filename }}. What is the best (Laravel) way to include the contents of the MD to be parsed as markdown in the twig view?

e.g.

{% markdown %}
How do I get the markdown contents from the file into this area dynamically?
{% endmarkdown %}

currently, my twig file is like:

<html><head></head>
<body>
<div>
{% markdown %}
# {{ title }}
- ...
- ...
{% endmarkdown %}
</div>
</body>

and my PHP code is like

return view("admin/taskview", ["title" => $p]);

I would like to separate the markdown and twig so that the twig is reusable. Thank you.

Potential XSS Vulnerability With Filter and Function Components

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@Rudloff) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)
