From e6444bb57e60d56648ea60cf6b30f737c052e2c1 Mon Sep 17 00:00:00 2001 From: Aidan Woods Date: Thu, 15 Mar 2018 10:42:29 +0000 Subject: [PATCH] Add unsafeHtml option for extensions to use on trusted input --- Parsedown.php | 21 +++++++++++++++++++-- test/ParsedownTest.php | 12 ++++++++++++ test/UnsafeExtension.php | 14 ++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 test/UnsafeExtension.php diff --git a/Parsedown.php b/Parsedown.php index 2725170..b274f52 100644 --- a/Parsedown.php +++ b/Parsedown.php @@ -1488,7 +1488,20 @@ class Parsedown } } + $unsafeHtml = false; if (isset($Element['text'])) + { + $text = $Element['text']; + } + // very strongly consider an alternative if you're writing an + // extension + elseif (isset($Element['unsafeHtml']) and !$this->safeMode) + { + $text = $Element['unsafeHtml']; + $unsafeHtml = true; + } + + if (isset($text)) { $markup .= $hasName ? '>' : ''; @@ -1499,11 +1512,15 @@ class Parsedown if (isset($Element['handler'])) { - $markup .= $this->{$Element['handler']}($Element['text'], $Element['nonNestables']); + $markup .= $this->{$Element['handler']}($text, $Element['nonNestables']); + } + elseif ($unsafeHtml !== true or $this->safeMode) + { + $markup .= self::escape($text, true); } else { - $markup .= self::escape($Element['text'], true); + $markup .= $text; } $markup .= $hasName ? '' : ''; diff --git a/test/ParsedownTest.php b/test/ParsedownTest.php index c28cedf..3cd796e 100644 --- a/test/ParsedownTest.php +++ b/test/ParsedownTest.php @@ -1,4 +1,5 @@ assertEquals($expectedMarkup, $actualMarkup); } + function testUnsafeHtml() + { + $markdown = "```php\nfoobar\n```"; + $expectedMarkup = '
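Review bot: With safe mode on, an element that carries only `unsafeHtml` never sets `$text` in the added `elseif`, so its content is skipped instead of escaped. This also means the `or $this->safeMode` test in the later hunk (`elseif ($unsafeHtml !== true or $this->safeMode)`) can never be true while `$unsafeHtml` is true. If escaping is the intended safe-mode fallback, the guard belongs only at the output site: use `elseif (isset($Element['unsafeHtml']))` here and let the later condition route safe-mode content through `self::escape()`. If dropping the content is intended, remove the dead `or $this->safeMode` clause and say so in the comment. What the element renders as when `$text` stays unset is decided outside this hunk.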
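Review bot: The new `else` branch appends `$text` to `$markup` with no escaping, and the only guidance is the "very strongly consider an alternative" comment in the previous hunk, which does not state the contract. I would document it at the sink, e.g. `// unsafeHtml is emitted verbatim; it must be built only from values the extension controls, never from document text`. The same comment should say that `text` wins when both keys are set. It should also say that an element with a `handler` sends the `unsafeHtml` string to the handler rather than to this branch, because `isset($Element['handler'])` is tested first.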

foobar

'; + + $unsafeExtension = new UnsafeExtension; + $actualMarkup = $unsafeExtension->text($markdown); + + $this->assertEquals($expectedMarkup, $actualMarkup); + } + function data() { $data = array(); diff --git a/test/UnsafeExtension.php b/test/UnsafeExtension.php new file mode 100644 index 0000000..f2343c4 --- /dev/null +++ b/test/UnsafeExtension.php @@ -0,0 +1,14 @@ +$text
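Review bot: `testUnsafeHtml` only exercises the default configuration, so the safe-mode guard this commit adds around `unsafeHtml` has no regression test. A second case that calls `$unsafeExtension->setSafeMode(true);` before `text()` and asserts that the extension's raw markup is absent from the result would pin that behaviour. A markdown sample containing characters such as `<` and `&` would also make the difference between the escaped and verbatim paths visible, since `foobar` renders the same either way.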

"; + + return $Block; + } +}