[11.x] Allows to toggle markdown email encoding (#55539)

crynobone · taylorotwell · web-flow · commit bee282afc9ff · 2025-04-24T08:58:14.000-05:00
* Allow to toggle markdown encoding

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;

* wip

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;

* Update Markdown.php

* wip

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;

* wip

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;

* wip

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;

* formatting

---------

Signed-off-by: Mior Muhammad Zaki &lt;crynobone@gmail.com&gt;
Co-authored-by: Taylor Otwell &lt;taylor@laravel.com&gt;
diff --git a/src/Illuminate/Foundation/Testing/Concerns/InteractsWithTestCaseLifecycle.php b/src/Illuminate/Foundation/Testing/Concerns/InteractsWithTestCaseLifecycle.php
@@ -23,6 +23,7 @@
 use Illuminate\Foundation\Testing\WithoutMiddleware;
 use Illuminate\Http\Middleware\TrustHosts;
 use Illuminate\Http\Middleware\TrustProxies;
+use Illuminate\Mail\Markdown;
 use Illuminate\Queue\Console\WorkCommand;
 use Illuminate\Queue\Queue;
 use Illuminate\Support\Carbon;
@@ -175,6 +176,7 @@ protected function tearDownTheTestEnvironment(): void
         EncodedHtmlString::flushState();
         EncryptCookies::flushState();
         HandleExceptions::flushState();
+        Markdown::flushState();
         Migrator::withoutMigrations([]);
         Once::flush();
         PreventRequestsDuringMaintenance::flushState();
diff --git a/src/Illuminate/Mail/Markdown.php b/src/Illuminate/Mail/Markdown.php
@@ -35,6 +35,13 @@ class Markdown
      */
     protected $componentPaths = [];
 
+    /**
+     * Indicates if secure encoding should be enabled.
+     *
+     * @var bool
+     */
+    protected static $withSecuredEncoding = false;
+
     /**
      * Create a new Markdown renderer instance.
      *
@@ -69,15 +76,17 @@ public function render($view, array $data = [], $inliner = null)
         $contents = $bladeCompiler->usingEchoFormat(
             'new \Illuminate\Support\EncodedHtmlString(%s)',
             function () use ($view, $data) {
-                EncodedHtmlString::encodeUsing(function ($value) {
-                    $replacements = [
-                        '[' => '\[',
-                        '<' => '&lt;',
-                        '>' => '&gt;',
-                    ];
-
-                    return str_replace(array_keys($replacements), array_values($replacements), $value);
-                });
+                if (static::$withSecuredEncoding === true) {
+                    EncodedHtmlString::encodeUsing(function ($value) {
+                        $replacements = [
+                            '[' => '\[',
+                            '<' => '&lt;',
+                            '>' => '&gt;',
+                        ];
+
+                        return str_replace(array_keys($replacements), array_values($replacements), $value);
+                    });
+                }
 
                 try {
                     $contents = $this->view->replaceNamespace(
@@ -137,18 +146,20 @@ public static function parse($text, bool $encoded = false)
             return new HtmlString(static::converter()->convert($text)->getContent());
         }
 
-        EncodedHtmlString::encodeUsing(function ($value) {
-            $replacements = [
-                '[' => '\[',
-                '<' => '\<',
-            ];
+        if (static::$withSecuredEncoding === true || $encoded === true) {
+            EncodedHtmlString::encodeUsing(function ($value) {
+                $replacements = [
+                    '[' => '\[',
+                    '<' => '\<',
+                ];
 
-            $html = str_replace(array_keys($replacements), array_values($replacements), $value);
+                $html = str_replace(array_keys($replacements), array_values($replacements), $value);
 
-            return static::converter([
-                'html_input' => 'escape',
-            ])->convert($html)->getContent();
-        });
+                return static::converter([
+                    'html_input' => 'escape',
+                ])->convert($html)->getContent();
+            });
+        }
 
         $html = '';
 
@@ -250,4 +261,34 @@ public function getTheme()
     {
         return $this->theme;
     }
+
+    /**
+     * Enable secured encoding when parsing Markdown.
+     *
+     * @return void
+     */
+    public static function withSecuredEncoding()
+    {
+        static::$withSecuredEncoding = true;
+    }
+
+    /**
+     * Disable secured encoding when parsing Markdown.
+     *
+     * @return void
+     */
+    public static function withoutSecuredEncoding()
+    {
+        static::$withSecuredEncoding = false;
+    }
+
+    /**
+     * Flush the class's global state.
+     *
+     * @return void
+     */
+    public static function flushState()
+    {
+        static::$withSecuredEncoding = false;
+    }
 }
diff --git a/tests/Integration/Mail/MailableWithSecuredEncodingTest.php b/tests/Integration/Mail/MailableWithSecuredEncodingTest.php
@@ -7,20 +7,34 @@
 use Illuminate\Mail\Mailable;
 use Illuminate\Mail\Mailables\Content;
 use Illuminate\Mail\Mailables\Envelope;
+use Illuminate\Mail\Markdown;
+use Illuminate\Support\EncodedHtmlString;
 use Orchestra\Testbench\Attributes\WithMigration;
 use Orchestra\Testbench\Factories\UserFactory;
 use Orchestra\Testbench\TestCase;
 use PHPUnit\Framework\Attributes\DataProvider;
 
-class MailableTest extends TestCase
+class MailableWithSecuredEncodingTest extends TestCase
 {
     use LazilyRefreshDatabase;
 
+    /** {@inheritdoc} */
+    #[\Override]
+    protected function tearDown(): void
+    {
+        Markdown::flushState();
+        EncodedHtmlString::flushState();
+
+        parent::tearDown();
+    }
+
     /** {@inheritdoc} */
     #[\Override]
     protected function defineEnvironment($app)
     {
         $app['view']->addLocation(__DIR__.'/Fixtures');
+
+        Markdown::withSecuredEncoding();
     }
 
     #[DataProvider('markdownEncodedDataProvider')]
diff --git a/tests/Integration/Mail/MailableWithoutSecuredEncodingTest.php b/tests/Integration/Mail/MailableWithoutSecuredEncodingTest.php
@@ -0,0 +1,143 @@
+<?php
+
+namespace Illuminate\Tests\Integration\Mail;
+
+use Illuminate\Foundation\Auth\User;
+use Illuminate\Foundation\Testing\LazilyRefreshDatabase;
+use Illuminate\Mail\Mailable;
+use Illuminate\Mail\Mailables\Content;
+use Illuminate\Mail\Mailables\Envelope;
+use Illuminate\Mail\Markdown;
+use Illuminate\Support\EncodedHtmlString;
+use Orchestra\Testbench\Attributes\WithMigration;
+use Orchestra\Testbench\Factories\UserFactory;
+use Orchestra\Testbench\TestCase;
+use PHPUnit\Framework\Attributes\DataProvider;
+
+class MailableWithoutSecuredEncodingTest extends TestCase
+{
+    use LazilyRefreshDatabase;
+
+    /** {@inheritdoc} */
+    #[\Override]
+    protected function tearDown(): void
+    {
+        Markdown::flushState();
+        EncodedHtmlString::flushState();
+
+        parent::tearDown();
+    }
+
+    /** {@inheritdoc} */
+    #[\Override]
+    protected function defineEnvironment($app)
+    {
+        $app['view']->addLocation(__DIR__.'/Fixtures');
+
+        Markdown::withoutSecuredEncoding();
+    }
+
+    #[DataProvider('markdownEncodedDataProvider')]
+    public function testItCanAssertMarkdownEncodedString($given, $expected)
+    {
+        $mailable = new class($given) extends Mailable
+        {
+            public function __construct(public string $message)
+            {
+                //
+            }
+
+            public function envelope()
+            {
+                return new Envelope(
+                    subject: 'My basic title',
+                );
+            }
+
+            public function content()
+            {
+                return new Content(
+                    markdown: 'message',
+                );
+            }
+        };
+
+        $mailable->assertSeeInHtml($expected, false);
+    }
+
+    public static function markdownEncodedDataProvider()
+    {
+        yield ['[Laravel](https://laravel.com)', 'My message is: [Laravel](https://laravel.com)'];
+
+        yield [
+            '![Welcome to Laravel](https://laravel.com/assets/img/welcome/background.svg)',
+            'My message is: ![Welcome to Laravel](https://laravel.com/assets/img/welcome/background.svg)',
+        ];
+
+        yield [
+            'Visit https://laravel.com/docs to browse the documentation',
+            'My message is: Visit https://laravel.com/docs to browse the documentation',
+        ];
+
+        yield [
+            'Visit <https://laravel.com/docs> to browse the documentation',
+            'My message is: Visit &lt;https://laravel.com/docs&gt; to browse the documentation',
+        ];
+
+        yield [
+            'Visit <span>https://laravel.com/docs</span> to browse the documentation',
+            'My message is: Visit &lt;span&gt;https://laravel.com/docs&lt;/span&gt; to browse the documentation',
+        ];
+    }
+
+    #[WithMigration]
+    #[DataProvider('markdownEncodedTemplateDataProvider')]
+    public function testItCanAssertMarkdownEncodedStringUsingTemplate($given, $expected)
+    {
+        $user = UserFactory::new()->create([
+            'name' => $given,
+        ]);
+
+        $mailable = new class($user) extends Mailable
+        {
+            public $theme = 'taylor';
+
+            public function __construct(public User $user)
+            {
+                //
+            }
+
+            public function build()
+            {
+                return $this->markdown('message-with-template');
+            }
+        };
+
+        $mailable->assertSeeInHtml($expected, false);
+    }
+
+    public static function markdownEncodedTemplateDataProvider()
+    {
+        yield ['[Laravel](https://laravel.com)', '<p><em>Hi</em> <a href="https://laravel.com">Laravel</a></p>'];
+
+        yield [
+            '![Welcome to Laravel](https://laravel.com/assets/img/welcome/background.svg)',
+            '<p><em>Hi</em> <img src="https://laravel.com/assets/img/welcome/background.svg" alt="Welcome to Laravel"></p>',
+        ];
+
+        yield [
+            'Visit https://laravel.com/docs to browse the documentation',
+            '<em>Hi</em> Visit https://laravel.com/docs to browse the documentation',
+        ];
+
+        yield [
+            'Visit <https://laravel.com/docs> to browse the documentation',
+            '<em>Hi</em> Visit &lt;https://laravel.com/docs&gt; to browse the documentation',
+        ];
+
+        yield [
+            'Visit <span>https://laravel.com/docs</span> to browse the documentation',
+            '<em>Hi</em> Visit &lt;span&gt;https://laravel.com/docs&lt;/span&gt; to browse the documentation',
+        ];
+    }
+}
diff --git a/tests/Integration/Mail/MarkdownParserTest.php b/tests/Integration/Mail/MarkdownParserTest.php
@@ -10,6 +10,16 @@
 
 class MarkdownParserTest extends TestCase
 {
+    /** {@inheritdoc} */
+    #[\Override]
+    protected function tearDown(): void
+    {
+        Markdown::flushState();
+        EncodedHtmlString::flushState();
+
+        parent::tearDown();
+    }
+
     #[DataProvider('markdownDataProvider')]
     public function testItCanParseMarkdownString($given, $expected)
     {
