Upgrade markdown parsing

Question

Upgrade markdown parsing

cben opened this issue 9 years ago · 6 comments

markdown.js keeps getting fixes & improvements, I should update CodeMirror.

Most notably moving towards CommonMark (thanks MarcelGerber!)

Answer 1 · 2015-09-08T11:59:22.000Z

Example bug that currently exists and is fixed with CodeMirror master:

> Quote.  This is what causes the list parsing bug.

Not a quote.

text

- list.

text

 - not a list?!

[http://mathdown.net/?doc=bTMM6DtiBuk]

Answer 2 · 2015-11-24T13:38:41.000Z

There is tons of improvements that landed on CM 5 in recent months.
Closer to CommonMark (esp. lists!) and keeps getting closer;
there was a fix to multiplexed markdown/latex;
etc...

Answer 3 · 2018-05-05T22:51:28.000Z

Recent CodeMirror can't be used as-is from submodule — has src/*.js files using require(); to get a combined browser-suitable lib/codemirror.js, would need to use npm module, or run codemirror's build step, or something like that.
I guess it's time to move to npm (revive #109)...

I've toyed with ideas of npm-as-git-submodule gateway. Didn't find anything ready, not gonna shave this yak this time :) cf. cben/plan#8
GitHub pages will no longer work :-(. This was friendly to forks, but the Heroku button is good enough for that.
- gh-pages could still be used as a deploy target, but that loses much of the appeal for me.
Rawgit.com for forks / PRs / old commits will not work — but it doesn't anyway with submodules (rgrove/rawgit#28).
I'm still looking for a simpler static-site hosting.
- probably GitLab pages, which also supports arbitrary build step — pending some security features (#174)
- I'm also looking at Netlify.com and Surge.sh.

Immediate plan to make progress:

get Codemirror via npm
drop documentation about github pages
document npm install necessary before opening local index.html works.
replace all submodules with npm for consistency? cben/CodeMirror-MathJax#45

Answer 4 · 2018-05-05T23:32:31.000Z

Another idea I've considered is getting CodeMirror and MathJax from a CDN, eg. cdnjs / jsDelivr.

Offline is not a consideration — mathdown always needs internet for Firebase.
- However, developement is slightly harder when you want to modify CodeMirror...
SubResource Integrity is a must. https://caniuse.com/#feat=subresource-integrity — not ideal, IE and few others missing. But considering the threat assumes compromise of a well-regarded CDN, that could be OK.
- implementing SRI requires embedding integrity hashes in my html. in principle that should be a build step, in practice easy enough manually.
  - npm 5 has integrity field in package-lock.json, but apparently not exactly related?

Answer 5 · 2018-06-27T04:20:32.000Z

No, CDNs are unacceptable due to leakage of secret URL in Referer header.
Neither Referrer-Policy header, referrerpolicy attribute nor rel=noreferrer have bulletproof support.

Answer 6 · 2021-01-22T08:46:57.000Z

I've started using my stop-gap CodeMirror fork where I push builds, which allows GitHub pages to keep working — see #180.

But I should just get on with the times & switch to Netlify, which can run npm install (and I believe does support submodules).
Currently mathdown running on it https://elastic-liskov-92f696.netlify.app/.
Netlify is sweet in many ways, deploys preview envs on PRs, supports IPv6 (#121)...