The "toMarkdown" function prepares content to be sent, primarily, to Diaspora.
The HTML to Markdown converter by default "preserves HTML tags without Markdown equivalents like <span> and <div>." At least according to the README in /friendica/vendor/league/html-to-markdown/ - which also says "To strip HTML tags that don’t have a Markdown equivalent while preserving the content inside them, set strip_tags..."
Diaspora, however, does not appear to know what to DO with the HTML sent to it. It actually appears to encode the HTML and displays the code in the post body rather than rendering it as HTML. In which case it would make more sense to strip out all tags that have no Markdown equivalents.
Example The post as sent from Friendica mixed BBcode and Markdown:
[class=postbox-ocean]Norddeutscher Bürger [/class]
The BBcode gets converted into an HTML <span> tag.
It also looks like Diaspora encoded the Markdown for the image rather than parsing it, or at the very least didn't parse it as Markdown. Yet another reason to strip out HTML that has no Markdown equivalents. It looks like it may be encoding the tags and the content inside the tags.
And, yes, I'm aware the [class] BBcode was marked as "deprecated" in the Friendica code, but it's the only way my Bookface scheme for the "Frio" theme could implement both profile "Cover Photos" and "Postboxes." Which won't display to other platforms anyway, so I don't want to see this custom BBcode removed, I just think it needs to be stripped out before content is delivered to other platforms.
(There is a related issue with Hubzilla where the raw BBcode is coming through unparsed because the [class] code apparently does not exist in Hubzilla's BBcodes. But I've no clue where or how to fix that in Friendica or if it can be as it may need to be handled on Hubzilla's end).
The "toMarkdown" function prepares content to be sent, primarily, to Diaspora.
The HTML to Markdown converter by default "preserves HTML tags without Markdown equivalents like `<span>` and `<div>.`" At least according to the README in _/friendica/vendor/league/html-to-markdown/_ - which also says "To strip HTML tags that don’t have a Markdown equivalent while preserving the content inside them, set strip_tags..."
Diaspora, however, does not appear to know what to DO with the HTML sent to it. It actually appears to _encode_ the HTML and displays the *code* in the post body rather than rendering it as HTML. In which case it would make more sense to strip out all tags that have no Markdown equivalents.
- Replace previous HTML cleanup using DOMDocument
- Remove obsolete HTML::sanitizeCSS method
- Use Strings::autoLinkRegEx for PageInfo::getRelevantUrlFromBody
- Update previous tests expectations
- Add new specific XSS tests
