package kkmarkdown

  1. Overview
  2. Docs
A safe markdown engine

Install

Dune Dependency

Authors

Maintainers

Sources

1.0.0.tar.gz
md5=cc8056af18a204bf68d60f50be5a9de7
sha512=452ef12429aa68606e79b82d883275abd05659fec52509dfa18d7de0edcfa0afba7fa9001d9643c5ad072a494ad8593c6f127e382b06d6c224964b3a7969f388

Description

The goals of kkmarkdown are,

  • to avoid XSS attack, by supporting limited markdown syntax,
  • to run the same markdown engine in both server and client sides, thanks to js_of_ocaml.

Published: 20 Dec 2022

README

kkmarkdown

A safe markdown engine

Goal:

Not goal:

  • Generating legit HTML is not a goal. Garbage in, garbage out at the moment.

Build & run

Install dependencies:

$ opam install --deps-only . [--with-test]

Build:

$ make [|test|doc|clean|fmt]

It will make

  • one executable _build/install/default/bin/kkmarkdown

  • one javascript _build/install/default/share/kkmarkdown/kkmarkdown.js

In shell (using stdin):

$ kkmarkdown
*abc* (then control+D)
<p><em>abc</em></p>

or (using file)

$ echo "*abc*" > a
$ kkmarkdown a
<p><em>abc</em></p>

In html:

<script src='https://kkeun.net/kkmarkdown.js'></script>
<script>result = kkmarkdown.trans("*abc*");</script>

Unsafe mode

There is unsafe mode that can be used when the markdown source is trustworthy. See below for supported syntax in the unsafe mode:
https://kkeundotnet.github.io/kkmarkdown/kkmarkdown/syntax.html

In shell:

$ kkmarkdown --unsafe [FILE]

In html:

<script>result = kkmarkdown.unsafe("*abc*");</script>

RSS mode

RSS mode suppresses classes and inline HTMLs in the unsafe mode. HTML classes or inline HTMLs including javscripts may not work properly in external feed readers.

$ kkmarkdown --rss --unsafe [FILE]

Dev Dependencies (2)

  1. odoc with-doc
  2. alcotest with-test

Used by

None

Conflicts

None

OCaml

Innovation. Community. Security.