Skip to content

feat(render): full post-body pipeline + image proxy (#3976–#3978 intent)#3987

Open
ety001 wants to merge 1 commit into
nextfrom
image-render-pipeline
Open

feat(render): full post-body pipeline + image proxy (#3976–#3978 intent)#3987
ety001 wants to merge 1 commit into
nextfrom
image-render-pipeline

Conversation

@ety001

@ety001 ety001 commented Jul 10, 2026

Copy link
Copy Markdown
Member

Implements the complete post-body rendering pipeline on the next branch and absorbs the intent of master's image-proxy fixes #3976#3978.

Those three commits target src/app/utils/ProxifyUrl.js, src/shared/HtmlReady.js, etc. — files that don't exist on next (it's a from-scratch rewrite). So this is a reimplementation of the same intent, not a cherry-pick: the current MarkdownViewer.tsx is a regex hack that doesn't even render ![]() images.

Pipeline (order is security-critical)

markdown-it (markdown→HTML) → HtmlReady (mutation) → sanitize-html (XSS)

sanitize-html is the real XSS filter (iframe whitelist, allowedTags/Attributes). Using bridge body_html directly would bypass it — unsafe. So we render raw markdown body and sanitize ourselves.

New files

Rewritten

  • components/elements/MarkdownViewer.tsx — regex hack → real pipeline. Public props (text/className/large/hideImages) unchanged; PostFull unaffected.

Dependencies

markdown-it (actively-maintained CommonMark renderer, replaces unmaintained remarkable; identical options surface), bs58@6 (current ESM major), sanitize-html v2, @xmldom/xmldom, plus @types/{markdown-it,sanitize-html}.

Verification

  • tsc --noEmit — clean
  • eslint — clean
  • next build — ✓ Compiled successfully
  • Runtime-tested the proxy: first-party proxied via /p/:base58, idempotent under double-proxy, third-party passthrough, /D urls canonicalized to cdn inside the encoded URL

Not in scope

next/image (deliberately excluded — conflicts with /p/ double-optimization), voting-slider UX, master's non-image fixes.

…tize-html) + image proxy

Implements the complete post-body rendering pipeline on the next branch and
absorbs the intent of master's image-proxy fixes #3976#3978 (which target
files that don't exist on next — this is a from-scratch reimplementation, not a
cherry-pick).

Pipeline (order is security-critical):
  markdown-it (markdown→HTML) → HtmlReady (mutation/normalize) → sanitize-html (XSS)

New files:
- lib/media/proxify-url.ts: proxifyImageUrl + isDefaultImageSize/defaultSrcSet.
  Absorbs #3976 (only first-party via /p), #3977 (idempotent /p/ URLs — no
  double base58-encode), #3978 (canonicalize steemitimages.com/D* to cdn before
  encoding). Proxy prefix via NEXT_PUBLIC_IMAGE_PROXY_PREFIX.
- lib/media/links.ts: URL/first-party/image regexes (local = *.steemit.com).
- lib/sanitize-config.ts: sanitize-html config — allowedTags/Attributes/Schemes,
  transformTags with the iframe whitelist (vimeo/youtube/3speak/soundcloud/
  twitch/dtube verbatim). This is the real XSS filter.
- lib/html-ready.ts: HtmlReady mutation layer — link normalization, iframe
  wrapping in videoWrapper, image https-ify + clickable wrap, #tag/@mention
  linkify, naked-image-URL detection, proxifyImages. (Scoped to MVP: video
  embed-replacement chains and the external Phishing module not ported.)

Rewritten:
- components/elements/MarkdownViewer.tsx: the regex hack → real pipeline.
  Public props (text/className/large/hideImages) unchanged; PostFull unaffected.

Deps: markdown-it (actively-maintained CommonMark renderer, replaces the
unmaintained remarkable; identical options surface), bs58@6 (ESM current major),
sanitize-html (v2), @xmldom/xmldom, plus @types/{markdown-it,sanitize-html}.

Verified: tsc clean, eslint clean, next build ✓. Runtime-tested the proxy:
first-party proxied via /p/:base58, idempotent under double-proxy, third-party
passthrough, /D urls canonicalized to cdn inside the encoded URL.

Not in scope: next/image (deliberately excluded — conflicts with /p/ double
optimization), voting-slider UX, master's non-image fixes.
@ety001 ety001 force-pushed the image-render-pipeline branch from a8ef5eb to 3f8f47f Compare July 10, 2026 15:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant