gno icon indicating copy to clipboard operation
gno copied to clipboard
verified publisher icon gnolang

feat(markdown): SVG extension

Open gfanton opened this issue 2 months ago • 5 comments

This is a draft PR aimed at improving SVG handling by creating a dedicated Markdown extension. It will specifically enable the handling of links within the SVG. Unfortunately, in it's current state it alsoallows JavaScript injection, which is a no go for now.

following and closing #4479

gfanton avatar Oct 10 '25 08:10 gfanton

🛠 PR Checks Summary

🔴 Changes related to gnoweb must be reviewed by its codeowners 🔴 Must not contain the "don't merge" label

Manual Checks (for Reviewers):
  • [ ] IGNORE the bot requirements for this PR (force green CI check)
Read More

🤖 This bot helps streamline PR reviews by verifying automated checks and providing guidance for contributors and reviewers.

✅ Automated Checks (for Contributors):

🟢 Maintainers must be able to edit this pull request (more info) 🔴 Changes related to gnoweb must be reviewed by its codeowners 🔴 Must not contain the "don't merge" label

☑️ Contributor Actions:
  1. Fix any issues flagged by automated checks.
  2. Follow the Contributor Checklist to ensure your PR is ready for review.
    • Add new tests, or document why they are unnecessary.
    • Provide clear examples/screenshots, if necessary.
    • Update documentation, if required.
    • Ensure no breaking changes, or include BREAKING CHANGE notes.
    • Link related issues/PRs, where applicable.
☑️ Reviewer Actions:
  1. Complete manual checks for the PR, including the guidelines and additional checks if applicable.
📚 Resources:
Debug
Automated Checks
Maintainers must be able to edit this pull request (more info)

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 The pull request was created from a fork (head branch repo: gfanton/gno)

Then

🟢 Requirement satisfied
└── 🟢 Maintainer can modify this pull request
Changes related to gnoweb must be reviewed by its codeowners

If

🟢 Condition met
└── 🟢 And
    ├── 🟢 The base branch matches this pattern: ^master$
    └── 🟢 A changed file matches this pattern: ^gno.land/pkg/gnoweb/ (filename: gno.land/pkg/gnoweb/markdown/ext.go)

Then

🔴 Requirement not satisfied
└── 🔴 Or
    ├── 🔴 Or
    │   ├── 🔴 And
    │   │   ├── 🔴 Pull request author is user: alexiscolin
    │   │   └── 🔴 This user reviewed pull request: gfanton (with state "APPROVED")
    │   └── 🔴 And
    │       ├── 🟢 Pull request author is user: gfanton
    │       └── 🔴 This user reviewed pull request: alexiscolin (with state "APPROVED")
    └── 🔴 And
        ├── 🟢 Not (🔴 Pull request author is user: alexiscolin)
        ├── 🔴 Not (🟢 Pull request author is user: gfanton)
        └── 🔴 Or
            ├── 🔴 This user reviewed pull request: alexiscolin (with state "APPROVED")
            └── 🔴 This user reviewed pull request: gfanton (with state "APPROVED")
Must not contain the "don't merge" label

If

🟢 Condition met
└── 🟢 A label matches this pattern: don't merge (label: don't merge)

Then

🔴 Requirement not satisfied
└── 🔴 On no pull request
Manual Checks
**IGNORE** the bot requirements for this PR (force green CI check)

If

🟢 Condition met
└── 🟢 On every pull request

Can be checked by

  • Any user with comment edit permission

Gno2D2 avatar Oct 10 '25 08:10 Gno2D2

Codecov Report

:x: Patch coverage is 92.40506% with 6 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
gno.land/pkg/gnoweb/markdown/ext_svg.go 92.10% 6 Missing :warning:

:loudspeaker: Thoughts on this report? Let us know!

codecov[bot] avatar Oct 10 '25 08:10 codecov[bot]

@gfanton , how is this related to https://github.com/gnolang/gno/pull/4771 ? Should it be merged into this PR?

jefft0 avatar Oct 16 '25 08:10 jefft0

@jefft0 No, there is nothing related to #4771. The goal of my PR is to implement a way to support SVG without using images, primarily to enable linking within SVG.

gfanton avatar Oct 16 '25 09:10 gfanton

Why both <gno-svg> custom tag + <svg> tag ? (btw if you close with </svg></gno-svg> it fails rendering, you must close with </svg>[\n]</gno-svg>)

SVG is difficult to implement as 100% safe - here is some reading

For safe SVG+links I can only think of parsing and only allowing elements we want with something like bluemonday

I had another idea but after trying I found that it does not work 🥲

Except for this your implementation works with what I tested :+1:

vikbez avatar Dec 01 '25 16:12 vikbez