wip

driesvints · driesvints · commit 7c3abbfaa736 · 2025-04-11T11:43:34.000+02:00
diff --git a/app/Markdown/MarkdownServiceProvider.php b/app/Markdown/MarkdownServiceProvider.php
@@ -14,7 +14,7 @@ class MarkdownServiceProvider extends ServiceProvider
 {
     public function register(): void
     {
-        $this->app->singleton(Converter::class, function () {
+        $this->app->singleton(Converter::class, function ($app, array $params = []) {
             $environment = new Environment([
                 'html_input' => 'escape',
                 'max_nesting_level' => 10,
@@ -29,7 +29,9 @@ public function register(): void
                 'external_link' => [
                     'internal_hosts' => config('app.host'),
                     'open_in_new_window' => true,
-                    'nofollow' => 'external',
+                    'nofollow' => ($params['nofollow'] ?? true) ? 'external' : '',
+                    'noreferrer' => ($params['nofollow'] ?? true) ? 'external' : '',
+                    'noopener' => ($params['nofollow'] ?? true) ? 'external' : '',
                 ],
             ]);
 
diff --git a/app/Models/Article.php b/app/Models/Article.php
@@ -100,7 +100,7 @@ public function body(): string
 
     public function excerpt(int $limit = 100): string
     {
-        return Str::limit(strip_tags(md_to_html($this->body())), $limit);
+        return Str::limit(strip_tags(md_to_html($this->body(), false)), $limit);
     }
 
     public function hasHeroImageAuthor(): bool
diff --git a/resources/helpers.php b/resources/helpers.php
@@ -24,9 +24,9 @@ function is_active(mixed $routes): bool
     /**
      * Converts Markdown to a safe HTML string.
      */
-    function md_to_html(string $markdown): string
+    function md_to_html(string $markdown, bool $nofollow = true): string
     {
-        return app(App\Markdown\Converter::class)->toHtml($markdown);
+        return app(App\Markdown\Converter::class, ['nofollow' => $nofollow])->toHtml($markdown);
     }
 }
 
diff --git a/resources/views/articles/show.blade.php b/resources/views/articles/show.blade.php
@@ -121,7 +121,7 @@ class="w-full bg-center bg-gray-800"
                         x-init="$nextTick(function () { highlightCode($el); })"
                         class="prose prose-lg text-gray-800 prose-lio"
                     >
-                        {!! md_to_html($article->body()) !!}
+                        {!! md_to_html($article->body(), false) !!}
                     </div>
 
                     @if ($article->isUpdated())

Original file line number	Diff line number	Diff line change
`@@ -100,7 +100,7 @@ public function body(): string`
`100`	`100`
`101`	`101`	`public function excerpt(int $limit = 100): string`
`102`	`102`	`{`
`103`		`- return Str::limit(strip_tags(md_to_html($this->body())), $limit);`
	`103`	`+ return Str::limit(strip_tags(md_to_html($this->body(), false)), $limit);`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`public function hasHeroImageAuthor(): bool`
Original file line number	Diff line number	Diff line change
`@@ -24,9 +24,9 @@ function is_active(mixed $routes): bool`
`24`	`24`	`/**`
`25`	`25`	`* Converts Markdown to a safe HTML string.`
`26`	`26`	`*/`
`27`		`- function md_to_html(string $markdown): string`
	`27`	`+ function md_to_html(string $markdown, bool $nofollow = true): string`
`28`	`28`	`{`
`29`		`- return app(App\Markdown\Converter::class)->toHtml($markdown);`
	`29`	`+ return app(App\Markdown\Converter::class, ['nofollow' => $nofollow])->toHtml($markdown);`
`30`	`30`	`}`
`31`	`31`	`}`
`32`	`32`
Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,7 @@ class="w-full bg-center bg-gray-800"`
`121`	`121`	`x-init="$nextTick(function () { highlightCode($el); })"`
`122`	`122`	`class="prose prose-lg text-gray-800 prose-lio"`
`123`	`123`	`>`
`124`		`- {!! md_to_html($article->body()) !!}`
	`124`	`+ {!! md_to_html($article->body(), false) !!}`
`125`	`125`	`</div>`
`126`	`126`
`127`	`127`	`@if ($article->isUpdated())`