Shortcodes for YouTube and iframes

Added shortcodes 2.5.0 as dependency; Earlier versions corrupted non-ASCII characters, see https://github.com/dmulholland/shortcodes/issues/6 The rendered elements have a `shortcode` CSS class. The YouTube shortcode supports various ways to refer to a video: - `{youtube VideoID}` - `{youtube youtube.com or youtu.be URL}` URLs containing an '=' should be quoted, or otherwise the shortcodes library will parse it as "key=value" pair. The IFrame shortcode supports the `cap` and `nocap` attributes. `cap` indicates the required capability the user should have in order to render the tag. If `nocap` is given, its contents are shown as a message to users who do not have this tag; without it, the iframe is silently hidden. `{iframe src='https://source' cap='subscriber' nocap='Subscribe to view'}` Merged test code + added HTML class for shortcode iframes
2018-03-26 11:58:09 +02:00
parent 0841d52dd1
commit f4e0b9185b
9 changed files with 443 additions and 23 deletions
--- a/pillar/markdown.py
+++ b/pillar/markdown.py
@@ -6,6 +6,8 @@ This is for user-generated stuff, like comments.
 import bleach
 import CommonMark

+from . import shortcodes
+
 ALLOWED_TAGS = [
    'a',
    'abbr',
@@ -40,12 +42,14 @@ ALLOWED_STYLES = [
 ]


-def markdown(s):
-    tainted_html = CommonMark.commonmark(s)
+def markdown(s: str) -> str:
+    commented_shortcodes = shortcodes.comment_shortcodes(s)
+    tainted_html = CommonMark.commonmark(commented_shortcodes)
    safe_html = bleach.clean(tainted_html,
                             tags=ALLOWED_TAGS,
                             attributes=ALLOWED_ATTRIBUTES,
-                             styles=ALLOWED_STYLES)
+                             styles=ALLOWED_STYLES,
+                             strip_comments=False)
    return safe_html