当前位置: 首页 > 工具软件 > Thinkin' Tags > 使用案例 >

去除html标签 scala,Scaladoc should allow filtering html tags

潘胤
2023-12-01

failing to escape tags is clearly a bug

It's hard to tell bugs from features considering that there is no real specification for scaladoc's markup language. Dotty is using CommonMark but I didn't find any documentation about how this interacts with the traditional tag-based syntax that scaladoc inherited from javadoc, either.

I think we need to start with a spec based on CommonMark that either describes the integration of existing syntactic features - if it is possible to make this work in a non-hacky way - or, alternatively, a new syntax for scaladoc's CommonMark extensions. The old syntax can still be supported behind a flag for migration (like Dotty already does).

This won't prevent HTML injection per se but it allows us to tell bugs from features. And since a CommonMark AST provides a clean separation of embedded HTML from other language features it is possible to implement filtering of HTML or even disable it entirely.

 类似资料: