Add support for inline image Markdown #658
Conversation
melvin-bot
bot
requested review from
puneetlath
and removed request for
a team
| // Currently any markdown used inside the square brackets is converted to html string in the alt attribute | ||
| // The attributes should only contain plain text, but it doesn't seem possible to convert markdown to plain text | ||
| // or let the parser know not to convert markdown to html for html attributes | ||
| xtest('Image with alt text containing markdown', () => { | ||
| const testString = ''; | ||
| const resultString = '<img src="https://example.com/image.png" alt="*bold* _italic_ ~strike~" />'; | ||
| expect(parser.replace(testString)).toBe(resultString); | ||
| }); |
There was a problem hiding this comment.
The interaction of image Markdown with other Markdown features (e.g., bold, italic) currently exhibits partial functionality issues. Specifically, content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML. For instance, given an input like , the output produced is <img src="https://example/img.jpg" alt="<strong>bold</strong>" />.
Although this parsing behavior functions as designed and doesn't seem to cause issues in NewDot, the expected outcome for the alt attribute should be either alt="*bold*" or a plain text alt="bold", without HTML tags. This highlights a known limitation in the current implementation, where Markdown syntax within image alt text does not retain its original or simplified plain text form.
There was a problem hiding this comment.
Created a fix for this in a separate PR: #661
kidroca
changed the title
|
reviewing this as C+ |
|
How's the review going @situchan? |
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
|
How's the review going @situchan? |
|
will complete today. I am also testing with this app PR |
|
I provided feedback on app PR |
| // Currently any markdown used inside the square brackets is converted to html string in the alt attribute | ||
| // The attributes should only contain plain text, but it doesn't seem possible to convert markdown to plain text | ||
| // or let the parser know not to convert markdown to html for html attributes | ||
| xtest('Image with alt text containing markdown', () => { |
There was a problem hiding this comment.
The xtest function in Jest is a way to skip a particular test. When you prefix a test with xtest instead of test, Jest will ignore this test during the test run. This is useful for temporarily disabling a test that might be failing due to unfinished features or bugs that are not yet resolved, without having to comment out the test code. It allows you to easily re-enable the test in the future by changing xtest back to test.
| test('Image with invalid url should remain unchanged', () => { | ||
| const testString = ''; | ||
| expect(parser.replace(testString)).toBe(testString); | ||
| }); |
There was a problem hiding this comment.
Should we add a test for something like:
![banana](https://example.com/banana.png" onerror="alert('xss')")
Tbh not sure if xss like that is even remotely possible based on how the markdown parser works.
There was a problem hiding this comment.
That particular example is converted into an anchor, presumably due to the use of brackets. However, I will add a simpler test to ensure that additional attributes are not captured.
Expected: "![banana](https://example.com/banana.png onerror=\"alert('xss')\")"
Received: "![banana](<a href=\"https://example.com/banana.png\" target=\"_blank\" rel=\"noreferrer noopener\">https://example.com/banana.png</a> onerror="alert('xss')")"
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
kidroca
force-pushed
the
kidroca/md-image-syntax
branch
from
5f4040b to
f843a1f
Compare
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
| test('Trying to pass additional attributes should not create an <img>', () => { | ||
| const testString = '![test](https://example.com/image.png "title" class="image")'; | ||
|
|
||
| // It seems the autolink rule is applied. We might need to update this test if the autolink rule is changed | ||
| // Ideally this test should return the same string as the input, or an <img> tag with the alt attribute set to | ||
| // "test" and no other attributes | ||
| const resultString = '![test](<a href=\"https://example.com/image.png\" target=\"_blank\" rel=\"noreferrer noopener\">https://example.com/image.png</a> "title" class="image")'; | ||
| expect(parser.replace(testString)).toBe(resultString); | ||
| }); | ||
|
|
||
| test('Trying to inject additional attributes should not work', () => { | ||
| const testString = ''; | ||
| const resultString = '<img src=\"https://example.com/image.png\" alt=\"test" onerror="alert('xss')\" />'; | ||
| expect(parser.replace(testString)).toBe(resultString); | ||
| }); |
There was a problem hiding this comment.
Updated the PR to include 2 more tests here, other updates are minor code style/formatting changes applied automatically
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
Related to: Expensify#658 (comment) Content intended for the alt attribute in images is being incorrectly parsed from Markdown to HTML if it contains MD special characters
This Pull Request introduces enhancements to the ExpensiMark library by implementing the conversion of image markdown syntax to HTML
<img>tags and vice versa. It covers various cases including handling single images and text containing images.Additionally, it addresses the conversion of
<img>tags back to markdown.An issue with image alt text containing markdown not converting to plain text is acknowledged and currently marked as a limitation.
Fixed Issues
$ Expensify/App#37246
Tests
Unit/Integration Tests Covering the Change:
ExpensiMark-HTML-test.js,ExpensiMark-HTMLToText-test.js, andExpensiMark-Markdown-test.js. These tests validate the conversion of image markdown to HTML tags, the handling of images with different attributes, and the conversion of HTML<img>tags back to markdown.Tests Performed to Validate Changes:
<img>tags and vice versa.QA
QA Validation Steps:
). These should not be parsed and ought to remain displayed as the raw Markdown text, without conversion or rendering as an image.Areas to Test for Regressions: