Markdown to quote
·Write > at the beginning
>quotes
Q
"·How do I ""HTML conversion"" after ""HTML escape"" the markdown string containing the above?"
Tried
"·I couldn't think of a way to avoid conversion, so after conversion, if the beginning is """" & """", I tried to return it to "">"", but it didn't work
$targetStr=">Why is the quoted markdown this symbol?";
preg_replace("/^>/", ">", htmlspecialchars($targetStr,ENT_QUOTES,'UTF-8'));
How do I "HTML Conversion" a markdown string after "HTML Escape"?
> and other characters that are meaningful in HTML but are also used in markdown grammarTherefore, you must not perform HTML escape before converting markdown.
If you want to remove the HTML tag,
and so on.
Note: This is the answer to the previous revision of the question.
<blockquote> Why isn't it translated properlyOriginal Markdown
>Target string
post-escape string
>Target string
Convert to HTML
<p>> interesting string</p>
The interruption of step 2 means that Markdown's quote ">..." is no longer applied and is no longer converted to <blockquote>.
htmlspecialchars can only convert "&", ", ', <, >", so decorations that use "#" are not affected.
Original Markdown
###Target string
post-escape string
###Target string
Convert to HTML
<h3>Target string</h3>
<blockquote> equivalent decorations while escapingI don't think cebe/markdown itself is evaluating the input string internally (please confirm), so I think it would be better if the escape was converted from Markdown to HTML.
See also About where htmlspecialchars() can be used to combat vulnerabilities
By the way, cebe/markdown's #106 and #116 recommend HTML Purifier for XSS protection.
© 2024 OneMinuteCode. All rights reserved.