Merge pull request #5 from ARCANEDEV/feature-escape_markups

Allowing the markups escape
ARCANEDEV · Mar 20, 2017 · a9e18be · a9e18be
2 parents 7bbcc93 + 3168e59
commit a9e18be
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 1 deletion.
diff --git a/_docs/1-Installation-and-Setup.md b/_docs/1-Installation-and-Setup.md
@@ -22,7 +22,6 @@ The Laravel Markdown package has a few system requirements:
 [laravel_markdown_1_1_x]: https://img.shields.io/badge/version-1.1.*-blue.svg?style=flat-square "Laravel Markdown v1.1.*"
 [laravel_markdown_1_2_x]: https://img.shields.io/badge/version-1.2.*-blue.svg?style=flat-square "Laravel Markdown v1.2.*"
 
-
 ## Composer
 
 You can install this package via [Composer](http://getcomposer.org/) by running this command: `composer require arcanedev/laravel-markdown`.

diff --git a/config/markdown.php b/config/markdown.php
@@ -1,6 +1,7 @@
 <?php
 
 return [
+
     /* ------------------------------------------------------------------------------------------------
      |  Escape Cross-site scripting
      | ------------------------------------------------------------------------------------------------
@@ -15,4 +16,12 @@
      | Allowing or not to automatic-linking of URLs in your markdown.
      */
     'urls' => true,
+
+    /* -----------------------------------------------------------------
+     |  Escape Markups
+     | -----------------------------------------------------------------
+     | Allowing or not to escape the HTML markups.
+     */
+    'markups' => true,
+
 ];
diff --git a/src/MarkdownParser.php b/src/MarkdownParser.php
@@ -58,6 +58,7 @@ public function __construct(Parsedown $parser)
     public function parse($content)
     {
         $this->parser->setUrlsLinked(config('markdown.urls', true));
+        $this->parser->setMarkupEscaped(config('markdown.markups', true));
 
         if (config('markdown.xss', true)) {
             $content = preg_replace('/(\[.*\])\(javascript:.*\)/', '$1(#)', $content);

diff --git a/tests/MarkdownParserTest.php b/tests/MarkdownParserTest.php
@@ -102,6 +102,22 @@ public function it_can_clean_xss()
         );
     }
 
+    /** @test */
+    public function it_can_escape_markups()
+    {
+        $this->assertEquals(
+            '<p>&lt;b&gt;This is a script&lt;/b&gt;&lt;script&gt;alert(\'hello\');&lt;/script&gt;</p>',
+            $this->parser->parse("<b>This is a script</b><script>alert('hello');</script>")
+        );
+
+        $this->app['config']->set('markdown.markups', false);
+
+        $this->assertEquals(
+            '<p><b>This is a script</b><script>alert(\'hello\');</script></p>',
+            $this->parser->parse("<b>This is a script</b><script>alert('hello');</script>")
+        );
+    }
+
     /** @test */
     public function it_can_autolink_the_urls()
     {