From d97b02cca9c6a1ea29d5a79eb556885c1f6d4026 Mon Sep 17 00:00:00 2001
From: Christopher McCulloh
Date: Mon, 30 Oct 2023 12:05:26 -0400
Subject: [PATCH 1/5] upgrades remarkable (for security fixes)
---
 index.js | 32 ++++++++++++++++++++++----------
 package.json | 2 +-
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/index.js b/index.js
index 304c212..00f0a46 100644
--- a/index.js
+++ b/index.js
@@ -9,7 +9,8 @@
 var fs = require('fs');
 var path = require('path');
-var Remarkable = require('remarkable');
+var { Remarkable } = require('remarkable');
+const { linkify } = require('remarkable/linkify');
 var extend = require('extend-shallow');
 var exists = require('fs-exists-sync');
 var ent = require('ent');
@@ -18,7 +19,7 @@ var ent = require('ent');
 * Expose `md` helper
 */
-var helper = module.exports = function(name, options, cb) {
+var helper = (module.exports = function (name, options, cb) {
 if (typeof options === 'function') {
 cb = options;
 options = {};
@@ -106,12 +107,23 @@ helper.sync = function(name, options) {
 */
 function markdown(options) {
- return new Remarkable(extend({
- breaks: false,
- html: true,
- langPrefix: 'lang-',
- linkify: true,
- typographer: false,
- xhtmlOut: false
- }, options));
+ const useLinkify = options.linkify === false ? false : true;
+ delete options.linkify;
+
+ let remarkable = new Remarkable(
+ extend(
+ {
+ breaks: false,
+ html: true,
+ langPrefix: 'lang-',
+ typographer: false,
+ xhtmlOut: false,
+ },
+ options
+ )
+ );
+ if (useLinkify) {
+ remarkable.use(linkify);
+ }
+ return remarkable;
 }
diff --git a/package.json b/package.json
index 9878c02..a9f1a81 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
 "ent": "^2.2.0",
 "extend-shallow": "^2.0.1",
 "fs-exists-sync": "^0.1.0",
- "remarkable": "^1.6.2"
+ "remarkable": "^2.0.1"
 },
 "devDependencies": {
 "engine-base": "^0.1.2",
From 4274a1a5e28e49c25c82660f5114a20ab9e942ed Mon Sep 17 00:00:00 2001
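Review bot: The reformatted line `var helper = (module.exports = function (name, options, cb) {` opens a parenthesis that none of this patch's hunks closes, so index.js most likely fails to parse at this commit; the function's end is outside the hunk, and patch 4/5 later removes the `(` again. Leave the line untouched in this patch (or fold patches 4 and 5 into it) so every commit in the series loads and `git bisect` stays usable.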
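Review bot: `delete options.linkify` in `markdown()` mutates the caller's options object, so a caller that reuses one `{ linkify: false }` object gets linkify silently re-enabled on the second render, and `options.linkify` now throws when `options` is undefined, where the old `extend({...}, options)` call appears to have tolerated that. Work on a copy instead: `const opts = extend({}, options);`, `const useLinkify = opts.linkify !== false;`, `delete opts.linkify;`, and pass `opts` to the inner `extend`. Separately, `html: true` stays the default, so the dependency bump alone does not keep raw HTML in the markdown out of the output; callers rendering untrusted input still need `html: false` or a sanitizer on the result.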
From: Christopher McCulloh
Date: Mon, 30 Oct 2023 12:05:54 -0400
Subject: [PATCH 2/5] upgrades highlight.js (for security fixes)
---
 package.json | 2 +-
 test/fixtures/e.md | 2 +-
 test/test.js | 13 ++++++++-----
 3 files changed, 10 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index a9f1a81..903d0dc 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,7 @@
 "engine-base": "^0.1.2",
 "gulp-format-md": "^0.1.9",
 "handlebars": "^4.0.5",
- "highlight.js": "^9.3.0",
+ "highlight.js": "^11.9.0",
 "lodash": "^4.12.0",
 "mocha": "^2.4.5",
 "templates": "^0.17.2"
diff --git a/test/fixtures/e.md b/test/fixtures/e.md
index df3f03c..e692e5f 100644
--- a/test/fixtures/e.md
+++ b/test/fixtures/e.md
@@ -1,6 +1,6 @@
 # EEE
-```
+```javascript
 var message = 'This is an alert';
 alert(message);
 ```
diff --git a/test/test.js b/test/test.js
index 09b961b..482705a 100644
--- a/test/test.js
+++ b/test/test.js
@@ -126,11 +126,11 @@ describe('lodash:', function() {
 describe('highlight:', function(argument) {
 it('should support syntax highlighting', function() {
- var actual = md.sync('test/fixtures/e.md', {
- highlight: function(code, lang) {
+ var actual = md.sync("test/fixtures/e.md", {
+ highlight: function (code, lang) {
 try {
 try {
- return hljs.highlight(lang, code).value;
+ return hljs.highlight(code, { language: lang }).value;
 } catch (err) {
 if (!/Unknown language/i.test(err.message)) {
 throw err;
@@ -140,8 +140,11 @@ describe('highlight:', function(argument) { } catch (err) { return code; } - } + }, }); - assert.equal(actual, '

EEE

\n
var message = \'This is an alert\';\nalert(message);\n
\n'); + assert.equal( + actual, + '

EEE

\n
var message = \'This is an alert\';\nalert(message);\n
\n' + ); }); });
From 7149d59523ebacdc070e447208695d6cfdcf7092 Mon Sep 17 00:00:00 2001
From: Christopher McCulloh
Date: Mon, 30 Oct 2023 12:08:03 -0400
Subject: [PATCH 3/5] simplifies code
---
 test/test.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/test.js b/test/test.js
index 482705a..d810d20 100644
--- a/test/test.js
+++ b/test/test.js
@@ -127,10 +127,10 @@ describe('lodash:', function() {
 describe('highlight:', function(argument) {
 it('should support syntax highlighting', function() {
 var actual = md.sync("test/fixtures/e.md", {
- highlight: function (code, lang) {
+ highlight: function (code, language) {
 try {
 try {
- return hljs.highlight(code, { language: lang }).value;
+ return hljs.highlight(code, { language }).value;
 } catch (err) {
 if (!/Unknown language/i.test(err.message)) {
 throw err;
From d3d2353d72ac8e0da6de8ae07278afa6b8ff3c6b Mon Sep 17 00:00:00 2001
From: Christopher McCulloh
Date: Mon, 30 Oct 2023 12:09:58 -0400
Subject: [PATCH 4/5] Removes errant (
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 00f0a46..689cc78 100644
--- a/index.js
+++ b/index.js
@@ -19,7 +19,7 @@ var ent = require('ent');
 * Expose `md` helper
 */
-var helper = (module.exports = function (name, options, cb) {
+var helper = module.exports = function (name, options, cb) {
 if (typeof options === 'function') {
 cb = options;
 options = {};
From 596d96455e1d3a0136c20674aae77429b5f15d6a Mon Sep 17 00:00:00 2001
From: Christopher McCulloh
Date: Mon, 30 Oct 2023 12:10:58 -0400
Subject: [PATCH 5/5] Match project formatting settings
---
 index.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.js b/index.js
index 689cc78..e46e29b 100644
--- a/index.js
+++ b/index.js
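Review bot: The outer `catch` of the `highlight` callback in test/test.js (patch 2/5, second hunk) still ends in `return code;`, which hands the raw fence content back to the renderer. As far as I know Remarkable uses a non-empty return value from `highlight` as markup without escaping it, so any `<` or `&` in a block that fails to highlight would reach the HTML output unescaped; `return '';` lets the renderer fall back to its own escaped output instead. Part of the callback lies between the two hunks and is not visible here. This is test code, but it is the pattern consumers copy when wiring up highlight.js, so it is worth showing the safe form.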
@@ -19,7 +19,7 @@ var ent = require('ent');
 * Expose `md` helper
 */
-var helper = module.exports = function (name, options, cb) {
+var helper = module.exports = function(name, options, cb) {
 if (typeof options === 'function') {
 cb = options;
 options = {};