Use config service to customize markdown parser behavior

[Copilot]

Implementation Complete: Markdown Service Configuration

This PR successfully addresses the TODO in packages/sprinkle-core/app/src/ServicesProvider/MarkdownService.php to use the config service to customize the markdown parser behavior.

✅ Implementation Checklist

• Understand the current MarkdownService implementation
• Review CommonMark configuration options
• Add markdown configuration to default.php config file
• Update MarkdownService to read config from Config service
• Add comprehensive tests for the new configuration behavior
• Update CHANGELOG
• Code review completed
• Address code review feedback (remove trailing whitespace)
• Run security checks with CodeQL
• Final verification complete

📝 Changes Summary

4 files changed: 167 insertions(+), 2 deletions(-)

1. Configuration Added (packages/sprinkle-core/app/config/default.php)

• Added markdown configuration section with sensible defaults for CommonMark v2.7
• Configuration options:
  • html_input (default: 'strip') - Controls HTML handling in markdown (strip/escape/allow)
  • allow_unsafe_links (default: false) - Security setting for link validation
  • max_nesting_level (default: 100) - Prevents excessive nesting attacks
• All options fully documented with inline comments
• Reference to CommonMark documentation included

2. Service Updated (packages/sprinkle-core/app/src/ServicesProvider/MarkdownService.php)

• Reads markdown config from Config service: $config->get('markdown', [])
• Passes configuration to CommonMark Environment constructor
• Removed completed TODO comment
• Minimal change: Only 3 lines modified
• Backward compatible: Empty array fallback ensures no breaking changes

3. Tests Added (packages/sprinkle-core/app/tests/Unit/ServicesProvider/MarkdownServiceTest.php)

• 5 comprehensive test cases covering:
  • Converter creation with default config
  • Converter creation with empty config (backward compatibility)
  • Converter creation with custom config
  • Basic markdown conversion functionality
  • HTML handling according to config settings (XSS protection)
• Follows existing test patterns in the repository
• Uses Mockery for dependency injection testing

4. Documentation Updated (packages/sprinkle-core/CHANGELOG.md)

• Added entry for version 6.0.0-beta.7
• Documents the new markdown configuration feature

🔒 Security Considerations

• Default configuration provides secure defaults (HTML stripping, unsafe links blocked)
• Configuration is customizable for different use cases
• Tests verify XSS protection with html_input: strip setting
• CodeQL security scan: No issues detected

✨ Technical Highlights

• Minimal implementation: Surgical changes only where necessary
• Backward compatible: Existing installations continue to work
• Well tested: Comprehensive test coverage
• Well documented: Config options explained, CHANGELOG updated
• Follows patterns: Consistent with existing codebase conventions

📚 Usage Example

Users can now customize markdown parser behavior in their config files:

'markdown' => [
    'html_input'         => 'allow',  // Allow HTML in markdown
    'allow_unsafe_links' => true,     // Allow all links
    'max_nesting_level'  => 50,       // Lower nesting limit
],

Original prompt

Work on TODO: : Should use the config service to customize the markdown parser behavior. (from packages/sprinkle-core/app/src/ServicesProvider/MarkdownService.php)

Created from VS Code via the GitHub Pull Request extension.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[codecov]

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

[lcharette]

@copilot Remove empty spaces here

[Copilot]

Done. Removed trailing whitespace in commit 5d6f54c.