Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve markdown rendering is changelogs / readmes #2081

Merged
merged 1 commit into from
Aug 13, 2021
Merged

Improve markdown rendering is changelogs / readmes #2081

merged 1 commit into from
Aug 13, 2021

Conversation

msys-sgarg
Copy link
Contributor

@msys-sgarg msys-sgarg commented Jul 27, 2021
edited
Loading

Signed-off-by: smriti sgarg@msystechnologies.com

Description

substituting html comments with blank string in changelog text for a cookbook.

Updated RedCarpet implementation to match the github markdown rendering standards. Mainly focussed on below two points : -

  1. Syntax highlighting ( used Code-ray for same )
  2. Delete html comments from the markdown content

The above two points are also highlighted by @robbkidd here -> #1321

HTMLpipeline implementation could never be successfull. As its requiring a lot many behavioural changes as application is behaving as of now .. with some serious XSS attacks getting open like injection of javascript via href tag

Issues Resolved

#1831

Check List

@msys-sgarg msys-sgarg self-assigned this Jul 27, 2021
@msys-sgarg msys-sgarg added the Status: Sustaining Backlog An issue ideal for the Sustaining Engineering team (or anyone else if they want to adopt it). label Jul 27, 2021
@tas50
Copy link
Contributor

tas50 commented Jul 28, 2021

While this probably solves the immediate problem of the HTML comments, I think we want to revive the work here: #1622 to get complete GitHub compliant rendering.

@tas50 tas50 changed the title sustituting html comments with blank string for changelog text substitute html comments with blank strings in changelog markdown rendering Jul 29, 2021
@msys-sgarg
Copy link
Contributor Author

@tas50 ok, thanks i will work on that

@msys-sgarg msys-sgarg force-pushed the smriti/1831_changelogs_supermarket_render_markdown branch 4 times, most recently from ed7c5cd to 020c8ab Compare August 6, 2021 10:20
@msys-sgarg
Copy link
Contributor Author

@tas50 I have made a commit to address missing points for supermarket to achieve Github style markdown rendering. Html-pipelines implementation is leading to many behavioural changes and opening up application to XSS vulenarabilities. RedCarpet is doing good job in that respect and rendering markdown in a way which is very close to Github markdown rendering.. just a few points i found missing I have implemented please check ..

@msys-sgarg
Copy link
Contributor Author

@tas50 any comments on this ?

tas50
tas50 reviewed Aug 12, 2021
View reviewed changes
src/supermarket/Gemfile Outdated
@@ -8,6 +8,7 @@ gem "omniauth-chef-oauth2"
gem "omniauth-github"
gem "omniauth-oauth2", "~> 1.7.1"
gem "omniauth-rails_csrf_protection"
gem "coderay"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a comment on this same line that just says what we're using it for. There's a lot of deps in this file and it's helpful to have comments saying why each one is there # markdown rendering of changelogs or something like that

@tas50 tas50 requested review from a team August 12, 2021 19:18
@tas50 tas50 changed the title substitute html comments with blank strings in changelog markdown rendering Improve markdown rendering is changelogs / readmes Aug 12, 2021
@msys-sgarg
Changes for red carpet html rendering github compliance
fd6f456 
Signed-off-by: smriti <sgarg@msystechnologies.com>
@msys-sgarg msys-sgarg force-pushed the smriti/1831_changelogs_supermarket_render_markdown branch from 020c8ab to fd6f456 Compare August 13, 2021 06:12
saghoshprogress
saghoshprogress approved these changes Aug 13, 2021
View reviewed changes
Copy link
Contributor

@saghoshprogress saghoshprogress left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

@tas50 tas50 merged commit dd3138c into chef:master Aug 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tas50 tas50 tas50 left review comments

@saghoshprogress saghoshprogress saghoshprogress approved these changes

Assignees

@msys-sgarg msys-sgarg

Labels
Status: Sustaining Backlog An issue ideal for the Sustaining Engineering team (or anyone else if they want to adopt it).
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@msys-sgarg @tas50 @saghoshprogress