I need to incorporate user submitted content in my website. For this I’d like to accept markdown, but still while disallowing parts of the spec, like images, for example. So, something like:
{{ user_submission | markdown(disallow=["img", "h3", "h4", "h5", "h6"]) }}
Theoretically it’s probably possible to do this with the built-in tera filters, but I think it would be more elegant as I submitted above.
Is this something that @keats would be interested in accepting a PR for?
It’s a bit tricky to implement I think. Right now the markdown filter uses the same code as for pages/sections, including shortcodes/internal links.
I’m guessing you don’t want those either so you would need a different rendering pipeline. But then, do you want syntax highlighting etc?
What should happen with the disallowed tags (I’d prefer allow rather than disallow)? Silently dropped? An error?
Yeah, that makes sense regarding the pipeline and how that might make things difficult to change. I haven’t looked at the zola code in a while either.
I’m guessing you don’t want those either
I actually am perfectly fine with the default Zola markdown → HTML pipeline for pages and sections as is now. For more context, I’m accepting comments on a website of mine, and each comment is saved as a toml table in .toml file, collated with my pages. I use the markdown filter from within a macro to build the comment listings. So in my case, just adding the feature to the filter is enough.
What should happen with the disallowed tags (I’d prefer allow rather than disallow)? Silently dropped? An error?
I was thinking they’d just have their HTML tags stripped and the plaintext form of the markdown is what would be shown. That way, it’s still readable, and it doesn’t lead to broken builds.
So I was able to achieve this actually with tera filters, although the code is a little crazy, since the string processing in tera is very limited. Just a macro with a lot of split and join, and some slicing.
Anyways, one of the oddities that I encountered is that
{# this renders as an html string #}
{{ util::filter_md(md=txt, disallow=["img"]) | safe }}
Would behave differently from storing it as a variable, and putting that in an expression
{# this renders as actual html #}
{% set temp = util::filter_md(md=txt, disallow=["img"] %}
{{ temp | safe }}
I’m just curious if this is expected behavior? It seems like they should be the same, but they’re not.
In the first snippet, you’re putting the safe filter on the array. Is that a typo?
Yeah, a typo. It’s supposed to be {{ (output of macro) | safe }}, but I updated the original.