Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an option to not espace quotes. #269

Closed
philipwalton opened this issue Oct 21, 2013 · 29 comments
Closed

Add an option to not espace quotes. #269

philipwalton opened this issue Oct 21, 2013 · 29 comments

Comments

@philipwalton
Copy link

I stumbled upon an issue that's giving me problems because marked is escaping double and single quotes in all situations and there's no option to change it.

https://github.com/chjj/marked/blob/master/lib/marked.js#L999-L1000

I'm no markdown expert, but I'm converting a project to node that previously used Ruby's rdiscount, which does not escape quotes. I do not see any reason (from an HTML perspective) to force escaping of quotes, so I think it makes sense to add an option to prevent this behavior.

If this is something you'd consider, I'd be happy to submit a pull request. Just let me know.

@jonschlinkert
Copy link

Agreed, this is a big problem for us with assemble. We use handlebars and marked.js together, and since marked.js alters templates, it's preventing us from adding marked.js as a default converter.

The problem is that by escaping quotes, marked converts {{foo 'include.md'}} to {{foo 'include.md'}}, which obviously is no longer a valid Handlebars template.

@philipwalton
Copy link
Author

Yes, that's exactly the same problem I'm having. And it's with Handlebars no less.

Have you forked and fixed or simply chosen a different markdown converter?

@jonschlinkert
Copy link

@jonschlinkert
Copy link

@jonschlinkert
Copy link

Have you forked and fixed or simply chosen a different markdown converter?

No, we just continue to use helpers for converting markdown, specifically so that we don't have to deal with the support issues related to this. However, before this continues to sound like like I'm complaining about marked, I really like this lib and use it quite extensively. We just don't have the time to support the issues related to including marked as a default converter.

However, we're refactoring assemble, and I want to have assemble convert markdown natively after that. So hopefully we can get this hammered out.

@jonschlinkert
Copy link

@chjj would you be open to someone helping out with this project? If so, I'd like to throw my hat in.

@mattly
Copy link

mattly commented May 28, 2014

I just ran into this as well. Any progress?

@welldan97
Copy link

+1 same thing

@weekeight
Copy link

any progress? @chjj

@nfm
Copy link

nfm commented Aug 27, 2014

I just had this same issue using Marked with React, which escapes everything by default.

I'm not 100% on the implications of this, but the React docs (http://facebook.github.io/react/docs/jsx-gotchas.html#html-entities) suggest using unicode characters to avoid escaping issues. Could Marked's escape() function (https://github.com/chjj/marked/blob/master/lib/marked.js#L1076) be modified to do replacements with unicode characters instead? For example, .replace(/"/g, '\u0022') instead of .replace(/"/g, '"')?

This seems to work ok for me on first inspection, but I'm not confident about the affects of this, and other things like browser support.

Anyone else care to weigh in?

@ethanmick
Copy link

Just ran into this. 👍

@adam-lynch
Copy link

Related: #529

@cri5ti
Copy link

cri5ti commented Sep 20, 2015

The code in question seems to be here: https://github.com/chjj/marked/blob/master/lib/marked.js#L685

Shouldn't we have something like this?

if (this.options.sanitize)
    out += this.renderer.text(escape(this.smartypants(cap[0])));
else
    out += this.renderer.text(this.smartypants(cap[0]));        

@rosshinkley
Copy link

I know I'm late to the party, but I just hit this as well doing something similar with Handlebars + marked and thought I'd throw in my +1.

@r0hitsharma
Copy link

+1 Faced the same issue (Handlebars + marked)

@cri5ti, your suggestion fixes my issue. Thanks!

@snollygolly
Copy link

+1 Same issue for me as well.

@patrickheeney
Copy link

+1 Also ran into this. How is everyone working around this issue? Just applying @cri5ti code change after npm install?

@caizone
Copy link

caizone commented Aug 23, 2016

+1 it's works for me.

@matt-
Copy link
Contributor

matt- commented Aug 23, 2016

If someone would like to submit a PR with passing tests that will help move the issue along.

@jguffey jguffey mentioned this issue Dec 5, 2017
@KostyaTretyak
Copy link
Contributor

KostyaTretyak commented Dec 21, 2017

You can copy and paste marked.js from this my commit, its improved performance of marked on 30-40%. And then you can to change this rows for avoid escape quotes, like this:

const escapeTest = /[&<>]/;
const escapeReplace = /[&<>]/g;
const replacements =
{
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;'
};

const escapeTestNoEncode = /(?:[<>]|&(?!#?\w+;))/;
const escapeReplaceNoEncode = /(?:[<>]|&(?!#?\w+;))/g;

My commit differs just by refactoring the escape() function. See Pull Request.

@joshbruce
Copy link
Member

Closing as stale and not the focus. See also #1106, #1216, and #1080.

@marco-silva0000
Copy link

ls there a way to do this in the current version?

@UziTech
Copy link
Member

UziTech commented Jul 3, 2022

You can create a custom extension to render markdown differently

const handlebarsTag = {
  name: 'handlebarsTag',
  level: 'inline',                          // This is an inline-level tokenizer
  start(src) { return src.indexOf('{{'); }, // Hint to Marked.js to stop and check for a match
  tokenizer(src, tokens) {
    const rule = /^\{\{.*?\}\}+/;           // Regex for the complete token, anchor to string start
    const match = rule.exec(src);
    if (match) {
      return {                               // Token to generate
        type: 'handlebarsTag',               // Should match "name" above
        raw: match[0],                       // Text to consume from the source
        text: match[0]                       // Additional custom properties
      };
    }
  },
  renderer(token) {
    return token.text;
  }
};

marked.use({extensions: [handlebarsTag]});

@ValentinVignal
Copy link

You can create a custom extension to render markdown differently

@UziTech I don't think that is working, I tried your sample and I still get <p>&#39;</p> as an output

Edit TypeScript Playground Export (forked)

@UziTech
Copy link
Member

UziTech commented Aug 19, 2022

My example only prevents escaping between {{}} for handlebars. You will need to change the code of you want to prevent it other places.

@SachaG
Copy link

SachaG commented Sep 29, 2022

It may be obvious (and obviously having this solved in the library itself would be better) but personally I found it easiest to just do:

html = marked.parse(s).replaceAll('&#39;', `'`)

@paulrudy
Copy link

paulrudy commented Oct 2, 2022

An example custom extension based on @UziTech's example for anyone wanting to prevent escaping ' (single quotes):

const singleQuote = {
  name: "singleQuote",
  level: "inline", // This is an inline-level tokenizer
  start(src) {
    return src.indexOf("'");
  }, // Hint to Marked.js to stop and check for a match
  tokenizer(src, tokens) {
    const rule = /^'/; // Regex for the complete token, anchor to string start
    const match = rule.exec(src);
    if (match) {
      return {
        // Token to generate
        type: "singleQuote", // Should match "name" above
        raw: match[0], // Text to consume from the source
        text: match[0], // Additional custom properties
      };
    }
  },
  renderer(token) {
    return token.text;
  },
};

marked.use({ extensions: [singleQuote] });

@devbytyler
Copy link

Getting blocked on this now too, but I am only tokenizing markdown, never rendering it. It's not really clear at what point the escaping happens, but seems like it would ideally happen later in the process when rendering is about to happen,

@UziTech
Copy link
Member

UziTech commented Oct 22, 2024

@devbytyler this should be fixed in the next major version by #3495

Sometimes escaping currently is happening during tokenization.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests