Feature #20497
Markdown-rails processes static.html.md views, so you can use Markdown as a templating language like Erb.
- HTML isn't exactly easy for ordinary people to comprehend and use correctly, and allowing its use in web forms then entails measures to be taken to prevent.
- This might be more of a feature request than a bug report, but I would expect Prettier to be able to parse html inside of a markdown file as if it were an html code snippet or .html file.
- Many projects don't start with a defined structure and change with the passage of time. For example, a basic blog may start out using the HTML format to store its content in the database; however, someday someone may want to start using Markdown instead of HTML due to its simplicity. In such a case you need to convert the content from one format to another.
- In general, there’s no reason in Markdown why you can’t use the signs “as they are”. However, since users have the possibility of mixing up Markdown with HTML, this is more complicated in practice. The parser understands when you want the simple characters and when you want HTML code so you don’t need to solve this problem yourself.
| Status: | New | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Text formatting | | |
| Target version: | Candidate for next major release | | |
| Resolution: | | | |
Description
As discussed in #15520#note-16 currently HTML is disabled. This brings several important issues which need to be addressed:
- Markdown without HTML is not any more Markdown, but rather a very limited flavour
- because it's a flavour, it needs to be named differently (according to John Gruber)
- users of CKEditor (or similar) can't easily migrate
- Redmine is very often deployed on non-public networks and thus using HTML is quite safe
The easiest solution would be to introduce 2 formatting options instead of one:
1. 'Markdown (with HTML)'
2. 'Markdown (without HTML)'
Also, there would need to be two different markup manuals (a modern variant based on side-by-side live preview as on http://agea.github.io/tutorial.md/ might be worth looking at and possibly copying from - it's MIT licensed).
0001-adds-an-additional-Markdown-format-that-allows-user-.patch - patch that adds a Markdown (with HTML) formatter (14.4 KB)
Related issues
History
#1 Updated by Go MAEDA over 5 years ago
- Related to Defect #807: HTML not escaped in ticket descriptions added
#2 Updated by Toshi MARUYAMA over 5 years ago
- Description updated (diff)
#3 Updated by @ go2null over 5 years ago
Useful background discussion here #15520 Markdown formatting, including links to the following source for Textile and Markdown.
#4 Updated by Go MAEDA over 5 years ago
- Related to Feature #15520: Markdown formatting added
#5 Updated by Go MAEDA over 5 years ago
#6 Updated by Go MAEDA over 5 years ago
- Priority changed from High to Normal
#7 Updated by @ go2null over 5 years ago
Here is StackOverflow's disclaimer:
http://stackoverflow.com/editing-help#html
Inline HTML
If you need to do something that Markdown can't handle, use HTML. Note that we only support a very strict subset of HTML!
Markdown is smart enough not to mangle your span-level HTML:
- They must be separated from surrounding text by blank lines.
- The begin and end tags of the outermost block element must not be indented.
- Markdown can't be used within HTML blocks.
And here are the allowed HTML tags:
#8 Updated by James H over 5 years ago
I run our redmine on a non-public network and would like to use this feature, but for our use case, we would need to be able to specify which projects would have this enabled or disabled. Most of our users are not 'power' users (do not know html) and so only a limited number of projects would get this setting enabled.
It would also be great if it could be even more customizable than that (by trackers, by users, etc.).
#9 Updated by JW Fuchs almost 5 years ago
#10 Updated by Ben Blanco almost 5 years ago
I concur that Markdown without HTML is a flavoured(down) version of Markdown.
Github.com also rely on redcarpet gem, but they first sanitize the raw input before passing it onto redcarpet, see https://github.com/github/markup#github-markup (code is under Github's 'BSD-like?' license).
The sanitization is done by html-pipeline which is available as a gem, (its code is under MIT license).
By doing so they allow a fair set of HTML tags:
Note: code excerpt from html-pipeline's sanitization_filter.rb at line 44.
Does anyone on this thread, or devs at redmine.org, think that it could be an option to implement the same process for redmine? And/or even re-use Github's code?
Last, #20497#note-8 made me think - though maybe not a good idea (that's why I ask) - if redmine's permissions model could be used to handle who has the right to input HTML tags in Wiki/Issue markdown.. Not sure if it would be better/more flexible than allowing HTML input on a per-project-basis...or have both options?
In all cases, being able to use HTML in redmine w/ markdown (in my case first and foremost for building better <tables> than Markdown's syntax allows for) would be awesome!
Thx :)
#11 Updated by Anonymous almost 5 years ago
Ben Blanco wrote:
In all cases, being able to use HTML in redmine w/ markdown (in my case first and foremost for building better <tables> markdown's syntax allows for) would be awesome!
Thx :)
That is exactly the same reason I like to allow markup in my Markdown input.. I disabled the filter_html rule in the core formatting rules for my privately hosted Redmine instance to allow that, so that's sorted it out for me. I like the idea of making this behaviour configurable, I believe I may have suggested the same thing in some of the other Markdown-related tickets too.
Just keep in mind, as per mc0e's reply to my question on this matter, if you're running a public facing Redmine server you will have some security concerns to consider. For LAN or WAN only servers (like in my case) this isn't really a problem.
#12 Updated by Adrien Crivelli almost 5 years ago
HTML in markdown is also required to solve the cases of two consecutive lists, or a list followed by code block as described in detail in pandoc manual. Basically we use HTML comment (<!-- -->) to mark the end of a list when necessary. This is also explained here, where it's stated that all Markdown libs behave the same and that there is no other solution than using HTML comment.
So at the very least a subset of HTML really seems to be a necessity. Tables and comments being the obvious ones.
#13 Updated by Dan Hi about 2 years ago
This has been mentioned in other issues pointing at this one, but my #1 reason for wanting HTML would currently be the resizing of images or using thumbnails. Coming from JIRA where thumbnails are quite easy.
See here
'With certain Markdown implementations (including Mou and Marked 2 (only macOS)) you can append =WIDTHxHEIGHT after the URL of the graphic file to resize the image. Do not forget the space before the =.'
The lack of this sent me towards the html option, which honestly is part of true markdown. I'm not sure why it's so hard to rename markdown in redmine to 'redmine markdown'--that's a bare minimum of what should be done here. I'm not interested in hacking the rbs to allow HTML, only to lose it after an update.
If not HTML, then image resizing. And in either case, call it 'redmine markdown' to avoid confusion about what it supports.
#14 Updated by Bernhard Rohloff about 2 years ago
Some time ago I've made a plugin to add a macro for that purpose as proposed in RE: how to allow html tag in redmine wiki. The syntax is quite easy and there's no need for an extra setting. I can attach it here on Monday if there's demand for it.
#15 Updated by Jens Krämer over 1 year ago
- File 0001-adds-an-additional-Markdown-format-that-allows-user-.patch added
Here's a patch that adds a second Markdown (with HTML) formatter which allows HTML input like tables etc and sanitizes the resulting HTML using Rails' HTML sanitization tools to prevent XSS etc. I have no idea how well that would work for handling CKEditor content, ymmv.
That's more or less just a proof of concept - I don't think that having two Markdown flavors is really a good idea. Ultimately, I don't see a problem with generally allowing HTML for the standard Redmine Markdown formatting as long as the output is sanitized properly. One might think about using the sanitize gem like Github does instead of Rails' Loofah based sanitizer as it allows for more granular definition of rules and is potentially safer / better due to the different HTML/CSS parsers used. Also, Rails' sanitize strips HTML comments which makes this patch useless if you want to support the HTML comment based list separation technique mentioned above :) However adding <p></p> between two lists serves the same purpose (and even works with Redmine's stock Markdown formatter).
I like the html-pipeline approach a lot, but introducing that to Redmine core would imo only make sense as part of a bigger refactoring / modularization of the whole textile/markdown rendering.
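The sanitize-after-render approach discussed in notes #10 and #15, as an added example that is not part of the thread or of the attached patch: an allowlist sanitizer that rebuilds its output from parsed tokens, written with Python's standard library only (the tools named in the thread are Ruby gems). The tag and attribute lists and the names `sanitize`, `safe_url` and `keep_list_separator` are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for illustration; not Redmine's or html-pipeline's list.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "width", "height"},
                 "td": {"colspan", "rowspan"}, "th": {"colspan", "rowspan"}}
ALLOWED_TAGS = set(ALLOWED_ATTRS) | set(
    "p br em strong code pre ul ol li table thead tbody tr".split())
VOID_TAGS, DROP_WITH_CONTENT = {"br", "img"}, {"script", "style"}
SAFE_SCHEMES = {"http", "https", "mailto"}

def safe_url(value):  # relative URLs and allowlisted schemes only
    cleaned = "".join(ch for ch in value if ch > " ")  # drop whitespace/control chars
    head = cleaned.split("/")[0].split("?")[0].split("#")[0]
    return ":" not in head or head.split(":", 1)[0].lower() in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    """Rebuilds output from parsed tokens; no input markup is copied through."""
    def __init__(self, keep_list_separator=False):
        super().__init__(convert_charrefs=True)
        self.keep_list_separator, self.out, self.skipping = keep_list_separator, [], 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
        if self.skipping or tag not in ALLOWED_TAGS:
            return
        kept = [(n, v or "") for n, v in attrs if n in ALLOWED_ATTRS.get(tag, ())]
        kept = [(n, v) for n, v in kept if n not in ("href", "src") or safe_url(v)]
        self.out.append("<" + tag + "".join(f' {n}="{escape(v)}"' for n, v in kept) + ">")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in ALLOWED_TAGS - VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append("" if self.skipping else escape(data, quote=False))

    def handle_comment(self, data):  # only the empty list-separator comment survives
        if self.keep_list_separator and not self.skipping and not data.strip():
            self.out.append("<!-- -->")

def sanitize(html, keep_list_separator=False):
    parser = Sanitizer(keep_list_separator)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)
```

Comments are dropped by default, which is the behaviour note #15 attributes to Rails' sanitizer; `keep_list_separator=True` lets only an empty `<!-- -->` through, so the list-separation technique from note #12 keeps working without admitting arbitrary comment content.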
#16 Updated by Go MAEDA over 1 year ago
- Target version set to Candidate for next major release
#17 Updated by Jan from Planio www.plan.io over 1 year ago
- Related to Patch #32424: CommonMark Markdown Text Formatting added