From d63a0df427c332d6deb99da8fc25b395fc3fddc4 Mon Sep 17 00:00:00 2001 From: Ryuichi Okumura Date: Tue, 3 Mar 2015 21:51:30 +0900 Subject: [PATCH 1/2] Change the Markdown parser Potential security issues have been reported to the marked, but there is no plan to still be fixed. Because YUIDoc is a one of the development tool, I have thought unlikely to be affected by the problem. However, marked is no longer actively maintained, and I'd like to choice a parser that are more maintenance. Since YUIDoc only have utilized simply marked as a simple Markdown parser, change can often be reduced. --- docs/args/index.mustache | 4 ++-- lib/builder.js | 13 ++++++------- package.json | 2 +- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/docs/args/index.mustache b/docs/args/index.mustache index 6037b530..5d1c2a90 100644 --- a/docs/args/index.mustache +++ b/docs/args/index.mustache @@ -261,8 +261,8 @@ See below for more examples. `markdown` - Options to pass to Marked, the Markdown compiler used to compile API descriptions. - See the Marked readme for details. + Options to pass to markdown-it, the Markdown compiler used to compile API descriptions. + See the markdown-it API for details. diff --git a/lib/builder.js b/lib/builder.js index 43457c4c..06b1beb7 100644 --- a/lib/builder.js +++ b/lib/builder.js @@ -3,7 +3,7 @@ * Code licensed under the BSD License: * https://github.com/yui/yuidoc/blob/master/LICENSE */ -var marked = require('marked'), +var MarkdownIt = require('markdown-it'), fs = require('graceful-fs'), noop = function () {}, path = require('path'), 
@@ -138,16 +138,16 @@ YUI.add('doc-builder', function (Y) {
 * Wrapper around the Markdown parser so it can be normalized or even side stepped
 * @method markdown
 * @private
- * @param {String} md The Markdown string to parse
+ * @param {String} data The Markdown string to parse
 * @return {HTML} The rendered HTML
 */
- markdown: function (md) {
- var html = marked(md, this.options.markdown);
+ markdown: function (data) {
+ var md = new MarkdownIt(this.options.markdown);
+ var html = md.render(data);
 //Only reprocess if helpers were asked for
 if (this.options.helpers || (html.indexOf('{{#crossLink') > -1)) {
- //console.log('MD: ', html);
 try {
- // marked auto-escapes quotation marks (and unfortunately
+ // markdown-it auto-escapes quotation marks (and unfortunately
 // does not expose the escaping function)
 html = html.replace(/"/g, "\"");
 html = (Y.Handlebars.compile(html))({});
@@ -156,7 +156,6 @@ YUI.add('doc-builder', function (Y) {
 html = html.replace(/\\{/g, '{').replace(/\\}/g, '}');
 Y.log('Failed to parse Handlebars, probably an unknown helper, skipping..', 'warn', 'builder');
 }
- //console.log('HB: ', html);
 }
 return html;
 },
diff --git a/package.json b/package.json
index ddc1ebcb..351fb884 100644
--- a/package.json
+++ b/package.json
@@ -72,7 +72,7 @@
 "dependencies": {
 "express": "^4.10.1",
 "graceful-fs": "2.x",
- "marked": "^0.3.3",
+ "markdown-it": "^3.0.7",
 "minimatch": "^2.0.1",
 "rimraf": "2.x",
 "yui": "^3.18.1"
From 59e05a8cb256a0cea7d348050373968efa0954da Mon Sep 17 00:00:00 2001
From: Ryuichi Okumura
Date: Wed, 4 Mar 2015 21:53:21 +0900
Subject: [PATCH 2/2] Reuse an instance of MarkdownIt in an instance of DocBuilder
---
 lib/builder.js | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/builder.js b/lib/builder.js
index 06b1beb7..aceb2aa7 100644
--- a/lib/builder.js
+++ b/lib/builder.js
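Review bot: In `markdown`, `this.options.markdown` is now handed to the `MarkdownIt` constructor unchanged, so option keys written for marked are not understood by the new parser and raw-HTML handling changes: markdown-it escapes inline HTML unless `html: true` is set, while marked passed it through by default. Doc comments that embed HTML will therefore render differently after this change, and a project that sets `html: true` to get the old output back is emitting whatever HTML its source comments contain into the generated site. I would record that in the docblock, e.g. `* Options come from options.markdown and are passed to markdown-it as-is; raw HTML in descriptions is escaped unless html: true is set.` The quote-unescaping `html.replace(...)` kept as context still runs over the whole rendered output, attribute values included, before `Y.Handlebars.compile`; its pattern shows on this page as a bare `"`, which looks like an entity decoded in extraction, so confirm it against the file.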
@@ -54,7 +54,7 @@ YUI.add('doc-builder', function (Y) {
 if (options.themedir) {
 themeDir = options.themedir;
 }
-
+ this.md = new MarkdownIt(options.markdown);
 this.data = data;
 Y.log('Building..', 'info', 'builder');
 this.files = 0;
@@ -142,8 +142,7 @@ YUI.add('doc-builder', function (Y) {
 * @return {HTML} The rendered HTML
 */
 markdown: function (data) {
- var md = new MarkdownIt(this.options.markdown);
- var html = md.render(data);
+ var html = this.md.render(data);
 //Only reprocess if helpers were asked for
 if (this.options.helpers || (html.indexOf('{{#crossLink') > -1)) {
 try {
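Review bot: The constructor hunk builds the parser from the `options` argument (`this.md = new MarkdownIt(options.markdown);`), whereas `markdown` previously read `this.options.markdown` on every call, so a change made to `this.options.markdown` after construction no longer reaches the renderer. Whether `options` and `this.options` are the same object is not visible here, since the constructor starts and ends outside the hunk, so this needs checking against the rest of it. In the second hunk `this.md.render(data)` also assumes the constructor has run; calling `markdown` on an object built any other way now fails with a TypeError instead of rendering. A comment at the assignment would record the contract, e.g. `// Shared markdown-it instance, configured once from options.markdown`, together with an `@property md` entry in the class docs.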