Marked: Images with space in the URI don't get parsed
Images with spaces in the filepath are no longer being parsed correctly.
To Reproduce
Process the following doesn't see match an image.
- Install marked
npm install --save [email protected]with the version you are using - Run marked with input string and options such as
marked('', {sanitize: true})
Expected behavior
Expected the url to be made html friendly with the switch sanitize by replacing spaces with %20.
woodyrew
All 4 comments
Looks like it is acting the way it is supposed to.
according to the Common Mark Spec:
A link destination consists of either
a sequence of zero or more characters between an opening
<and a closing>that contains no spaces, line breaks, or unescaped<or>characters, ora nonempty sequence of characters that does not include ASCII space or control characters, and includes parentheses only if (a) they are backslash-escaped or (b) they are part of a balanced pair of unescaped parentheses. (Implementations may impose limits on parentheses nesting to avoid performance issues, but at least three levels of nesting should be supported.)
UziTech
on 29 Oct 2018
The workaround is to use url encoding like so 
Notice that the space character is encoded as %20
Update: I missed your last line about sanitize.
Sanitizing is about handling attacks, not fixing typos.
We actually have a proposal to remove sanitization in #1232 so you should avoid that option if you can.
styfle
on 29 Oct 2018
I'm aware of the Common Mark Spec and the workaround but it feels within the scope of the sanitize switch to address this.
woodyrew
on 30 Oct 2018
As @styfle mentioned above sanitize is meant to prevent XSS attacks not fix typos.
The only way to fix your issue would be to replace the space with %20 before passing it to marked.
UziTech
on 30 Oct 2018
Related issues
elennaro
路
4Comments
chunhei2008
路
3Comments
thyxsl
路
4Comments
vsemozhetbyt
路
4Comments
zoe-cjf
路
3Comments