markdown icon indicating copy to clipboard operation
markdown copied to clipboard

Published 20 hours ago verified publisher icon dart-lang

tag-like (but not valid HTML tag) text should be escaped

Open isoos opened this issue 11 months ago • 12 comments

Markdown version: 7.2.2 using GitHubWeb extension set. Originally reported: https://github.com/dart-lang/pub-dev/issues/7559

Input:

Future<List<EntityAnnotation>> **labelDetection**

<EntityAnnotation>

Output:

<p>Future&lt;List<EntityAnnotation>&gt; <strong>labelDetection</strong></p>
<EntityAnnotation>

Expected: <EntityAnnotation> is also escaped to &lt;EntityAnnotation&gt;.

isoos avatar Mar 15 '24 06:03 isoos

/cc @chenzhiguang @devoncarew

isoos avatar Mar 15 '24 06:03 isoos

I don't think this is a bug. I think this is working as expected. Most CommonMark-compliant Markdown implementations do not escape <EntityAnnotation>.

https://babelmark.github.io/?text=Future%3CList%3CEntityAnnotation%3E%3E+labelDetection%0A%0A%3CEntityAnnotation%3E

srawlins avatar Mar 15 '24 17:03 srawlins

/cc @jonasfj

I'm not sure what's the best strategy would be here, but maybe we could apply an escaping before running it through HTML sanitization?

isoos avatar Mar 15 '24 17:03 isoos

cc @kallentu I think we should just be linting text like this, that is reported by the analyzer. This text should just be in backticks.

srawlins avatar Mar 15 '24 19:03 srawlins

In backticks or brackets if you want to link to the types, right/maybe?

jonasfj avatar Mar 15 '24 19:03 jonasfj

Ehhhh. 😁 The formats that the analyzer accepts in square brackets is a short list 😦 . Basically [Foo], [Foo.foo], and [foo.Foo.foo]. So [List<int>] doesn't work, but I would love for it to work some day.

But yes, "in backticks or brackets."

srawlins avatar Mar 15 '24 19:03 srawlins

Uh, I guess that makes sense.

jonasfj avatar Mar 15 '24 22:03 jonasfj

As an FYI, it appears that using:

Future<List\<EntityAnnotation>> **labelDetection**

Notice the \<

Will trick the system into creating html that displays correctly on Github and pub.dev

faithoflifedev avatar Mar 17 '24 22:03 faithoflifedev

Will trick the system into creating html that displays correctly on Github and pub.dev

@faithoflifedev: I think it may produce an <EntityAnnotation> String text in the markdown output, but pub.dev should filter it out with HTML sanitization. Do you have any example page where we are not filtering it?

isoos avatar Mar 17 '24 22:03 isoos

Do you have any example page where we are not filtering it?

Hi @isoos, I originally opened the Issue #7557 that led to this discussion. If I understand your question correctly then you should see an example here - https://pub.dev/packages/google_vision/versions/1.2.0+6#new-helper-methods - you can campare this with - https://pub.dev/packages/google_vision/versions/1.2.0+5#new-helper-methods - where in the first link the HTML is rendered as would be expected by the user (i.e. <EntityAnnotation> is displayed), while on the second link <EntityAnnotation> is missing on the 4th row since the \< workaround was not used.

faithoflifedev avatar Mar 17 '24 22:03 faithoflifedev

@faithoflifedev: to be clear, the linked page source has &lt;EntityAnnotation&gt; content, and not <EntityAnnotation> in the sources (in other words: the HTML sanitization is working as expected, the "trick" is for the markdown rendering).

isoos avatar Mar 17 '24 23:03 isoos

@isoos, understood - my initial problem was the HTML render difference between pub.dev and github.com, which can be resolved with the workaround. From my perspective there's no need for me to pursue this.

From an overall end-user perspective there may be a perception that a README on github.com will render the same on pub.dev, I'll leave that up to the "collective" you to resolve as you see fit 😄

faithoflifedev avatar Mar 17 '24 23:03 faithoflifedev