
Commit 71a3b76

author
Jonathon Kelly
committed
Security/change markdown library (#3)
* change from marked to remarkable * change from marked to remarkable
1 parent 711200a commit 71a3b76


3 files changed

+21
-43
lines changed


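--- a/__tests__/src/index-test.js
+++ b/__tests__/src/index-test.js
@@ -5,23 +5,32 @@ jest.unmock('../../src');
 import React from 'react';
 import ReactDOM from 'react-dom';
 import TestUtils from 'react-addons-test-utils';
-import marked from 'marked';
+import Remarkable from 'remarkable';
 import MarkdownRenderer from '../../src';
 
 describe('MarkdownRenderer', () => {
 const markdown = '# This is a H1 \n## This is a H2 \n###### This is a H6';
+let renderMock = null;
 
 beforeEach(() => {
-marked.mockClear();
+renderMock = jest.fn();
+
+Remarkable.mockImplementation(() => ({
+render: renderMock,
+}));
 });
 
+// afterEach(() => {
+// expect(Remarkable.mock.instances.length).toEqual(1);
+// });
+
 describe('sets innerHTML', () => {
 let containerNode;
 let html;
 
 afterEach(() => {
-expect(marked.mock.calls.length).toEqual(1);
-expect(marked).toBeCalledWith(markdown, { sanitize: true });
+expect(renderMock.mock.calls.length).toEqual(1);
+expect(renderMock).toBeCalledWith(markdown);
 
 const markdownRendererNode = containerNode.children[0];
 
@@ -33,7 +42,7 @@ describe('MarkdownRenderer', () => {
 describe('marked returns html', () => {
 beforeEach(() => {
 html = '<h1>This is a H1</h1>';
-marked.mockReturnValueOnce(html);
+renderMock.mockReturnValueOnce(html);
 });
 
 it('sets innerHTML to html', () => {
@@ -50,12 +59,10 @@ describe('MarkdownRenderer', () => {
 describe('marked returns empty string', () => {
 beforeEach(() => {
 html = '';
-marked.mockReturnValueOnce(html);
+renderMock.mockReturnValueOnce(html);
 });
 
 it('sets innerHTML to empty string', () => {
-marked.mockReturnValueOnce('');
-
 const markdownRenderer = TestUtils.renderIntoDocument(
 <div>
 <MarkdownRenderer markdown={markdown} />
@@ -96,35 +103,4 @@ describe('MarkdownRenderer', () => {
 expect(markdownRendererNode.className).toBe(className);
 });
 });
-
-describe('defaults markdown', () => {
-afterEach(() => {
-expect(marked.mock.calls.length).toEqual(1);
-expect(marked).toBeCalledWith('', { sanitize: true });
-});
-
-it('nothing passed', () => {
-TestUtils.renderIntoDocument(
-<div>
-<MarkdownRenderer />
-</div>
-);
-});
-
-it('undefined passed', () => {
-TestUtils.renderIntoDocument(
-<div>
-<MarkdownRenderer markdown={undefined} />
-</div>
-);
-});
-
-it('null passed', () => {
-TestUtils.renderIntoDocument(
-<div>
-<MarkdownRenderer markdown={null} />
-</div>
-);
-});
-});
 });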
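Review bot: Nothing in this file pins how the renderer is configured any more: the old `afterEach` asserted `{ sanitize: true }`, while the new one only checks that `renderMock` was called with `markdown`, and `Remarkable` itself is fully mocked. Because the suite is about what ends up in `innerHTML`, I would assert on the constructor call as well, e.g. `expect(Remarkable.mock.calls.length).toEqual(1);` plus a check of its arguments, and add one test with the library unmocked that confirms raw HTML in the input comes out escaped. The commented-out `afterEach` at new lines 23–25 should be enabled or deleted rather than committed as dead code. The `'defaults markdown'` cases were removed instead of adapted, so `undefined` and `null` input are no longer covered, and the `describe` titles still read 'marked returns …'.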

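--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
 "react": ">=0.14.7"
 },
 "dependencies": {
-"marked": "^0.3.5"
+"remarkable": "^1.6.2"
 },
 "devDependencies": {
 "autoprefixer": "^6.3.6",
@@ -51,7 +51,7 @@
 "eslint-plugin-react": "^5.0.1",
 "extract-text-webpack-plugin": "^1.0.1",
 "gh-pages": "^0.11.0",
-"html-webpack-plugin": "^2.15.0",
+"html-webpack-plugin": "^2.16.0",
 "jest-cli": "^11.0.2",
 "postcss-loader": "^0.8.2",
 "react": "^15.0.1",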

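--- a/src/index.js
+++ b/src/index.js
@@ -1,8 +1,10 @@
 import React from 'react';
-import marked from 'marked';
+import Remarkable from 'remarkable';
 
 function MarkdownRenderer(props) {
-const html = marked(props.markdown || '', { sanitize: true });
+// TODO: this should not be instantiated here and should be outside of the render method, but the tests fail
+const remarkable = new Remarkable();
+const html = remarkable.render(props.markdown);
 
 return (
 <div className={props.className} dangerouslySetInnerHTML={{ __html: html }}></div>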
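Review bot: The explicit `{ sanitize: true }` is gone and `new Remarkable()` is constructed with no options, so what reaches `dangerouslySetInnerHTML` now depends entirely on the library's defaults. Remarkable leaves raw HTML disabled by default, but I would state that in the code, `const remarkable = new Remarkable({ html: false });`, so a later options change shows up in review. Link destinations are also only as safe as the library's own link validation in the installed version, which is worth confirming for `^1.6.2`. The `props.markdown || ''` fallback was dropped too; `remarkable.render(props.markdown)` will probably throw on `undefined` or `null`, so keep it as `remarkable.render(props.markdown || '')`. The function body continues past the end of this hunk.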
