Feature #20497

Markdown formatting supporting HTML

Added by dumb blob about 2 years ago. Updated about 1 year ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:


Category:Text formatting
Target version:-


As discussed in #15520#note-16 currently HTML is disabled. This brings several important issues which need to be addressed:

  • Markdown without HTML is not any more Markdown, but rather a very limited flavour
  • because it's a flavour, it needs to be named differently (according to John Gruber)
  • users of CKEditor (or similar) can't easily migrate
  • Redmine is very often deployed on non-public networks and thus using HTML is quite safe

The easiest solution would be to introduce 2 formatting options instead of one:

1. "Markdown (with HTML)"
1. "Markdown (without HTML)"

Also, there would need to be two different markup manuals (a modern variant based on side-by-side live preview as on http://agea.github.io/tutorial.md/ might be worth looking at and possibly copying from - it's MIT licensed).

Related issues

Related to Redmine - Defect #807: HTML not escaped in ticket descriptions Closed 2008-03-07
Related to Redmine - Feature #15520: Markdown formatting Closed


#1 Updated by Go MAEDA about 2 years ago

  • Related to Defect #807: HTML not escaped in ticket descriptions added

#2 Updated by Toshi MARUYAMA about 2 years ago

  • Description updated (diff)

#3 Updated by @ go2null almost 2 years ago

Useful background discussion here #15520 Markdown formatting, including links to the following source for Textile and Markdown.

#4 Updated by Go MAEDA almost 2 years ago

#5 Updated by Go MAEDA almost 2 years ago

HTML tags except <pre> were disabled by #807.

#6 Updated by Go MAEDA almost 2 years ago

  • Priority changed from High to Normal

#7 Updated by @ go2null almost 2 years ago

Here is StackOverflow's disclaimer:

Inline HTML

If you need to do something that Markdown can't handle, use HTML. Note that we only support a very strict subset of HTML!

To reboot your computer, press ctrl</kbd>+alt</kbd>+del</kbd>.

Markdown is smart enough not to mangle your span-level HTML:

<b>Markdown works *fine* in here.</b>

Block-level HTML elements have a few restrictions:
  1. They must be separated from surrounding text by blank lines.
  2. The begin and end tags of the outermost block element must not be indented.
  3. Markdown can't be used within HTML blocks.
    You can <em>not</em> use Markdown in here.

And here are the allowed HTML tags:

<a>              - hyperlink.
<b>              - bold, use as last resort <h1>-<h3>, <em>, and <strong> are 
<blockquote>     - specifies a section that is quoted from another source.
<.code>          - defines a piece of computer code.
<del>            - delete, used to indicate modifications.
<dd>             - describes the item in a <dl> description list.
<dl>             - description list.
<dt>             - title of an item in a <dl> description list.
<em>             - emphasized.
<h1>, <h2>, <h3> - headings.
<i>              - italic.
<img>            - specifies an image tag.
<.kbd>           - represents user input (usually keyboard input).
<li>             - list item in an ordered list <ol> or an unordered list <ul>.
<ol>             - ordered list.
<p>              - paragraph.
<.pre>           - pre-element displayed in a fixed width font and and 
                   unchanged line breaks.
<s>              - strikethrough.
<sup>            - superscript text appears 1/2 character above the baseline 
                   used for footnotes and other formatting.
<sub>            - subscript appears 1/2 character below the baseline.
<strong>         - defines important text.
<strike>         - strikethrough is deprecated, use <del> instead.
<ul>             - unordered list.
<br>             - line break.
<hr>             - defines a thematic change in the content, usually via a 
                   horizontal line.

#8 Updated by James H almost 2 years ago

i run our redmine on a non-public network and would like to use this feature, but for our use case, we would need to be able to specify which projects would have this enabled or disabled. Most of our users are not "power" users (do not know html) and so only a limited number of projects would get this setting enabled.

It would also be great if it could be even more customize-able than that (by trackers, by users, etc.).

#9 Updated by JW Fuchs about 1 year ago


#10 Updated by Ben Blanco about 1 year ago

I concur that Markdown without HTML is a flavoured(down) version of Markdown.

Github.com also rely on redcarpet gem, but they first sanitize the raw input before passing it onto redcarpet, see https://github.com/github/markup#github-markup (code is under Github's "BSD-like?" license).

The sanitization is done by html-pipeline which is available as a gem, (its code is under MIT license).

By doing so they allow fair set of HTML tags:

      WHITELIST = {
        :elements => %w(
          h1 h2 h3 h4 h5 h6 h7 h8 br b i strong em a pre code img tt
          div ins del sup sub p ol ul table thead tbody tfoot blockquote
          dl dt dd kbd q samp var hr ruby rt rp li tr td th s strike summary details

Note: code excerpt from html-pipeline's sanitization_filter.rb at line 44.

Does anyone on this thread, or devs at redmine.org, think that it could be an option to implement the same process for redmine? And/or even re-use Github's code?

Last, #20497#note-8 made me think - though maybe not a good idea (that's why I ask) - if redmine's permissions model could be used to handle who has the right to input HTML tags in Wiki/Issue markdown.. Not sure if it would be better/more flexible than allowing HTML input on a per-project-basis...or have both options?

In all cases, being able to use HTML in redmine w/ markdown (in my case first and foremost for building better <tables> than Markdown's syntax allows for) would be awesome!

Thx :)

#11 Updated by Anonymous about 1 year ago

Ben Blanco wrote:

In all cases, being able to use HTML in redmine w/ markdown (in my case first and foremost for building better <tables> markdown's syntax allows for) would be awesome!

Thx :)

That is exactly the same reason I like to allow markup in my Markdown input.. I disabled the filter_html rule in the core formatting rules for my privately hosted Redmine instance to allow that, so that's sorted it out for me. I like the idea of making this behaviour configurable, I believe I may have suggested the same thing in some of the other Markdown-related tickets too.

Just keep in mind, as per mc0e's reply to my question on this matter, if you're running a public facing Redmine server you will have some security concerns to consider. For LAN or WAN only servers (like in my case) this isn't really a problem.

#12 Updated by Adrien Crivelli about 1 year ago

HTML in markdown is also required to solve the cases of two consecutive lists, or a list followed by code block as described in details in pandoc manual. Basically we use HTML comment (<!-- -->) to mark the end of a list when necessary. This is also explained here, where it's stated that all Markdown libs behave the same and that there is no other solution than using HTML comment.

So at the very least a subset of HTML really seems to be a necessity. Tables and comments being the obvious one.

Also available in: Atom PDF