Fix escaping markdown by rendering plaintext

[kyrias]

We still need to parse "plaintext" messages through the markdown
renderer so that escappes are rendered properly.

[matrixbot]

Can one of the admins verify this patch?

[kyrias]

(This is a WIP at the moment, will take care of the errors)

[kyrias]

Should be ready fro reviewing now!

[kyrias]

Oh, and I just realized that I accidentally got c819b43 in there, but it's not directly related to this PR, it just fixes the old messageinput component to use the new markdown render function. I can split that out into its own PR if you want.

[kyrias]

Okay, this isn't quite ready for merging yet, there are some more functions that need to be nulled-out, eg " will be HTML entity encoded currently.

[kyrias]

And now that is fixed! This should probably be tested out for a little while by more than just me before this is merged, to try to catch any other possible edge cases.

[kegsay]

Please don't call this render, as it is confusing and can make readers mistake the Markdown class as a React class.

[kegsay]

Also, it is not at all clear that html is a boolean. Please document what it is supposed to do.

[kyrias]

What do you want me to rename it to? toHTML isn't really an apt name anymore with this.

EDIT: I guess I can revert this to be separate functions actually.

[kegsay]

Given most of this function is branching based on this conditional, separate functions sounds excellent, as it will also make it clearer at the call site what you're actually doing toHTML or toPlaintext or whatever.

[kegsay]

Uhh, what is this doing? No comments.

[kyrias]

Ah, seems I only added the comment in the commit message. Will fix that. The normal out function runs the output through a sanitizer that will entity encode things like quotation marks, which is problematic when it happens multiple times.

[kegsay]

Thanks for the explanation. What's lit(s) doing though?

[kegsay]

This should probably be tested out for a little while by more than just me before this is merged, to try to catch any other possible edge cases.

Please add some unit tests for this. This should be pretty easy to do given how modular the Markdown class is.

[kyrias]

Unit tests for what exactly? Just the issue I found (" being entity encoded), or in general? Because for the latter I could really use some suggestions for what to test.

[kegsay]

Unit tests for what exactly? Just the issue I found (" being entity encoded), or in general? Because for the latter I could really use some suggestions for what to test.

The point is to test that the Markdown class actually works. We've already got a good list of stuff we've already found as bugs:

• " being entity encoded.
• Parsing escapes correctly if not markdown (e.g the test data in Riot fails to remove backslashes if the resulting message is entirely plain text element-hq/element-web#2870 )
• -_- not doing <hr> : Replace marked with commonmark #575 (comment)
• Check <s> works as intended : Replace marked with commonmark #575 (comment)
• Check ~~~ does not strikethrough.
• Check that "plain" markdown doesn't incorrectly fail the isPlainText() check (e.g single paragraph test, multiple paragraph test)

[kyrias]

Split the functions and added some test cases now. It seems like while commonmark doesn't strip <s> tags, riot-web seems to not render them. <del> tags work fine though.

[kegsay]

Other than 2 things, this LGTM!

[kegsay]

You don't appear to use html.

[kyrias]

Aah, relics that I missed in my git add -p!

[kegsay]

Likewise I don't think you need the true anymore.

[kegsay]

And here.

[kegsay]

Don't you need to assert that spy.args[0][2] is actually blank to be sure it didn't try to send this as HTML?

[kyrias]

If it tried to send it as HTML the calledOnce assertion will fail, because then sendHtmlMessage will have been used rather than sendTextMessage

[kegsay]

Aha! Gotcha.

[kegsay]

Same here.

[kegsay]

LGTM!