WEB-63896 Documentation tooltips that reference HTML elements, may render an...

WEB-63896 Documentation tooltips that reference HTML elements, may render an HTML element in the text. GitOrigin-RevId: 95de9ea1edff79333a6035d75cdd2a2b3d21de95

WEB-63896 Documentation tooltips that reference HTML elements, may render an...
WEB-63896 Documentation tooltips that reference HTML elements, may render an HTML element in the text. GitOrigin-RevId: 95de9ea1edff79333a6035d75cdd2a2b3d21de95
9284fada · Piotr Tomiak · intellij-monorepo-bot · 81057762 · 9284fada · 9284fada
Commit 9284fada authored 1 year ago by Piotr Tomiak Committed by intellij-monorepo-bot 1 year ago
Hide whitespace changes
Inline Side-by-side

Showing

with 63 additions and 3 deletions
+63 -3
--- a/platform/markdown-utils/src/com/intellij/markdown/utils/MarkdownToHtmlConverter.kt
+++ b/platform/markdown-utils/src/com/intellij/markdown/utils/MarkdownToHtmlConverter.kt
@@ -5,6 +5,7 @@ import com.intellij.openapi.util.NlsSafe
 import org.intellij.markdown.IElementType
 import org.intellij.markdown.flavours.MarkdownFlavourDescriptor
 import org.intellij.markdown.flavours.gfm.GFMFlavourDescriptor
+import org.intellij.markdown.html.DUMMY_ATTRIBUTES_CUSTOMIZER
 import org.intellij.markdown.html.HtmlGenerator
 import org.intellij.markdown.parser.LinkMap
 import org.intellij.markdown.parser.MarkdownParser
@@ -31,7 +32,11 @@ class MarkdownToHtmlConverter(
 private val embeddedHtmlType = IElementType("ROOT")

 fun convertMarkdownToHtml(@NlsSafe markdownText: String): String {
+  return convertMarkdownToHtmlWithTagRenderer(markdownText, HtmlGenerator.DefaultTagRenderer(DUMMY_ATTRIBUTES_CUSTOMIZER, false))
+}
+
+fun convertMarkdownToHtmlWithTagRenderer(@NlsSafe markdownText: String, tagRenderer: HtmlGenerator.TagRenderer): String {
  val flavour = GFMFlavourDescriptor()
  val parsedTree = MarkdownParser(flavour).parse(embeddedHtmlType, markdownText)
-  return HtmlGenerator(markdownText, parsedTree, flavour).generateHtml()
+  return HtmlGenerator(markdownText, parsedTree, flavour).generateHtml(tagRenderer)
 }
\ No newline at end of file
--- a/platform/webSymbols/intellij.platform.webSymbols.iml
+++ b/platform/webSymbols/intellij.platform.webSymbols.iml
@@ -19,6 +19,7 @@
    <orderEntry type="library" name="jackson-module-kotlin" level="project" />
    <orderEntry type="library" name="fastutil-min" level="project" />
    <orderEntry type="library" name="commons-compress" level="project" />
+    <orderEntry type="library" name="jetbrains.markdown" level="project" />
    <orderEntry type="module" module-name="intellij.platform.testFramework" scope="TEST" />
    <orderEntry type="module" module-name="intellij.platform.markdown.utils" />
  </component>

--- a/platform/webSymbols/src/com/intellij/webSymbols/utils/HtmlMarkdownUtils.java
+++ b/platform/webSymbols/src/com/intellij/webSymbols/utils/HtmlMarkdownUtils.java
@@ -6,8 +6,11 @@ import com.intellij.openapi.util.NlsSafe;
 import com.intellij.openapi.util.TextRange;
 import com.intellij.openapi.util.text.StringUtil;
 import com.intellij.ui.ColorUtil;
+import com.intellij.util.containers.CollectionFactory;
 import com.intellij.util.containers.ContainerUtil;
 import com.intellij.util.ui.UIUtil;
+import org.intellij.markdown.ast.ASTNode;
+import org.intellij.markdown.html.HtmlGenerator;
 import org.jetbrains.annotations.Contract;
 import org.jetbrains.annotations.Nls;
 import org.jetbrains.annotations.NotNull;
@@ -17,7 +20,7 @@ import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

-import static com.intellij.markdown.utils.MarkdownToHtmlConverterKt.convertMarkdownToHtml;
+import static com.intellij.markdown.utils.MarkdownToHtmlConverterKt.convertMarkdownToHtmlWithTagRenderer;

 /**
 * TODO move to contrib/markdown/lib/intellij-markdown.jar
@@ -223,7 +226,7 @@ public final class HtmlMarkdownUtils {

  private static @Nullable @NlsSafe String convert(@NotNull @Nls String text) {
    try {
-      return convertMarkdownToHtml(text);
+      return convertMarkdownToHtmlWithTagRenderer(text, new SanitizingTagRendered());
    }
    catch (Exception e) {
      LOG.warn(e.getMessage(), e);
@@ -280,4 +283,55 @@ public final class HtmlMarkdownUtils {

    return str.trim();
  }
+
+  private static class SanitizingTagRendered extends HtmlGenerator.DefaultTagRenderer {
+
+    private static final Set<CharSequence> allowedTags = CollectionFactory.createCharSequenceSet(false);
+
+    static  {
+      allowedTags.addAll(Arrays.asList(
+        // Content sectioning
+        "h1", "h2", "h3", "h4", "h5", "h6",
+        // Text content
+        "blockquote", "div", "dd", "dl", "dt",
+        "hr", "li", "ol", "ul", "pre", "p",
+        // Inline text semantic
+        "a", "abbr", "b", "br", "cite", "code", "em", "i", "s", "span", "strong", "u", "wbr",
+        // Image and multimedia
+        "img",
+        // Svg and math
+        "svg", "math",
+        // Table,
+        "caption", "col", "colgroup", "table", "tbody", "td", "tfoot", "th", "thead", "tr"
+      ));
+    }
+
+    private SanitizingTagRendered() {
+      super((a,b,c) -> c, false);
+    }
+
+    @NotNull
+    @Override
+    public CharSequence openTag(@NotNull ASTNode node,
+                                @NotNull CharSequence tagName,
+                                CharSequence @NotNull[] attributes,
+                                boolean autoClose) {
+      var result = super.openTag(node, tagName, attributes, autoClose);
+      if (!allowedTags.contains(tagName)) {
+        return StringUtil.escapeXmlEntities(result.toString());
+      } else {
+        return result;
+      }
+    }
+
+    @NotNull
+    @Override
+    public CharSequence closeTag(@NotNull CharSequence tagName) {
+      if (!allowedTags.contains(tagName)) {
+        return StringUtil.escapeXmlEntities(super.closeTag(tagName).toString());
+      } else {
+        return super.closeTag(tagName);
+      }
+    }
+  }
 }