Split markdown rendering to a separate package.#647
Conversation
jacobsimionato
left a comment
jacobsimionato
left a comment
There was a problem hiding this comment.
Hey thanks for iterating - this seems a lot lighter! It looks like angular support is gone, but ideally it will be possible to use this same shared interface/package for Angular?
ditman
changed the title
|
/gemini review |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request effectively refactors the markdown rendering logic into a new shared package, @a2ui/markdown-it-shared. This is a positive step towards better code organization and reusability. The dependency injection approach for providing the markdown renderer in both Angular and Lit frameworks is well-executed.
However, I have identified a critical security vulnerability due to an incomplete sanitizer implementation in the new shared package. Additionally, there are a couple of bugs in the new package: one in the HTML highlighting logic and another in a build script, which could break the publishing process. My review includes specific comments and suggestions to address these issues.
ditman
force-pushed
the
inject-markdown-renderer-only
branch
from
8df05c1 to
b70a5eb
Compare
|
/gemini review |
ditman
requested review from
ava-cassiopeia,
crisbeto,
dmandar,
gspencergoog,
paullewis and
zeroasterisk
as code owners
There was a problem hiding this comment.
Code Review
This pull request is a great step towards improving the maintainability and consistency of markdown rendering by centralizing the logic into a new @a2ui/markdown-it-shared package. The use of dependency injection for the renderer in both Angular and Lit frameworks is well-executed. I've identified a couple of critical issues in the new shared markdown renderer that could lead to incorrect rendering and potential security vulnerabilities. Additionally, there are a few medium-severity suggestions to improve code clarity and adhere to best practices for library development. Overall, this is a valuable refactoring, and addressing these points will make it even more robust.
ditman
force-pushed
the
inject-markdown-renderer-only
branch
from
dfa0b28 to
ec4ece9
Compare
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request refactors the markdown rendering logic by decoupling the markdown-it dependency from the lit and angular renderers and moving it into a new shared package, @a2ui/markdown-it-shared. This is a great architectural improvement that makes the renderers more modular and allows users to inject their own markdown implementation. The changes are well-implemented, including updates to the sample applications to use the new provider/context patterns. My review includes a few minor suggestions to improve code clarity and maintainability.
|
LGTM. I wonder if the package should be called a2ui-markdown-it or something? Not sure if 'shared' is needed in there? |
I really like that name, I'll rename the package ASAP. |
ditman
force-pushed
the
inject-markdown-renderer-only
branch
from
f66f276 to
ffec1e3
Compare
ditman
changed the title
|
OK, I'm landing this once @jacobsimionato comes online :P |
2 participants
Description
This PR separates the
markdown-itdependency from thelitandangularrendererers, by allowing users to inject their own markdown renderer.Warning
BREAKING CHANGE: By default, now incoming markdown is rendered as a
preelement, and users must inject a markdown renderer of their choosing for markdown to be rendered (see below).In order to keep the "batteries" somewhat included in the sdk, a new package is introduced:
@a2ui/markdown-it: a pre-configuredmarkdown-itinstance for all web renderers. This allows us to have a single configured markdown renderer withmarkdown-itanddompurifythat can be reused across all web packages. This is just a markdown string -> html string converter. (I liked/followed this naming convention)The
litandangularrestaurant samples are updated to inject the new markdown renderer.Fixes
Tests
Pre-launch Checklist
If you need help, consider asking for advice on the discussion board.