package kkmarkdown

  1. Overview
  2. Docs
A safe markdown engine

Install

Dune Dependency

Authors

Maintainers

Sources

1.1.0.tar.gz
md5=a20517d95590d03ff5b7670323b8b0dd
sha512=97b3faa09e23ab88c5b4dcabe88f29e5c675b6bb4b0c9230ec105a70b01b37b54274cc0ab4a5eed84a754a99e3664e116a7aba6c9697e3669229985f1bf749be

Description

Two main goals of kkmarkdown are:

  • avoiding XSS attack by limiting supported markdown syntax,
  • enabling us to run the same markdown engine in both server and client sides, thanks to js_of_ocaml.

Published: 06 Dec 2023

README

kkmarkdown

A safe markdown engine

Goal:

Not goal:

  • Generating legit HTML is not a goal. Garbage in, garbage out at the moment.

Build & run

Install dependencies:

$ opam install --deps-only . [--with-test]

Build:

$ make [|test|doc|clean|fmt]

It will make

  • one executable _build/install/default/bin/kkmarkdown

  • one javascript _build/install/default/share/kkmarkdown/kkmarkdown.js

In shell (using stdin):

$ kkmarkdown
*abc* (then control+D)
<p><em>abc</em></p>

or (using file)

$ echo "*abc*" > a
$ kkmarkdown a
<p><em>abc</em></p>

In html:

<script src='https://kkeun.net/kkmarkdown.js'></script>
<script>result = kkmarkdown.trans("*abc*");</script>

Unsafe mode

There is unsafe mode that can be used when the markdown source is trustworthy. See below for supported syntax in the unsafe mode:
https://kkeundotnet.github.io/kkmarkdown/kkmarkdown/syntax.html

In shell:

$ kkmarkdown --unsafe [FILE]

In html:

<script>result = kkmarkdown.unsafe("*abc*");</script>

RSS mode

RSS mode suppresses classes and inline HTMLs in the unsafe mode. HTML classes or inline HTMLs including javscripts may not work properly in external feed readers.

$ kkmarkdown --rss --unsafe [FILE]

Dev Dependencies (2)

  1. odoc with-doc
  2. alcotest with-test

Used by

None

Conflicts

None

OCaml

Innovation. Community. Security.