Code block vanishes in latest with commonmarker-rouge #85

Closed
scivola opened this issue Nov 21, 2018 · 4 comments

scivola commented Nov 21, 2018

Reproduction:

    # Gemfile
    source "https://rubygems.org"

    gem 'commonmarker', '0.18.1'
    gem 'commonmarker-rouge'

    # reproduction script
    require "bundler"
    Bundler.require

    source = <<'EOT'
    ```rb
    x
    ```
    EOT

    puts CommonMarker::Rouge.render_html(source)

Result:

    <!-- raw HTML omitted -->

Why???

But if we change commonmarker version to 0.17.13, the result is okay:

    <div class="highlighter-rouge language-rb"><span class="n">x</span>
    </div>

Also, if we omit the language specifier, namely change

    ```rb

to

    ```

the result is okay:

    <pre><code>x
    </code></pre>

@gjtorikian (Owner)

Sorry about that! In #81, we began to disallow "custom" HTML by default. Previously, DEFAULT allowed anything to come through, but for security reasons, we've restricted the HTML to just the Commonmarker subset. Since syntax highlighting includes divs, spans, and other elements, you'll need to render the document as "unsafe."

With the newest release of this gem, you can work around the problem with

    puts CommonMarker::Rouge.render_html(source, [:UNSAFE])

However, I would highly recommend @sandfoxme to swap the commonmarker-rouge library from using DEFAULT to UNSAFE, so that users do not need to do this.


scivola commented Nov 28, 2018

Thank you for the update.

But I cannot obtain the expected result.

I changed

    gem 'commonmarker', '0.18.1'

to

    gem 'commonmarker', '0.18.2'

in Gemfile, and changed

    puts CommonMarker::Rouge.render_html(source)

to

    puts CommonMarker::Rouge.render_html(source, [:UNSAFE])

and did:

    bundle update

The result of the script is still:

    <!-- raw HTML omitted -->

@gjtorikian (Owner)

Ah, yeah, then this is definitely something to be fixed in the upstream library, sorry.

commonmarker-rouge defines render_html as:

    def render_html(text, cmark_options = :DEFAULT, **cmr_options)
      render_doc(text, cmark_options, **cmr_options).to_html
    end

But to_html takes options, and the default is DEFAULT. The commonmarker-rouge library needs to pass in UNSAFE here.


scivola commented Nov 29, 2018

Thank you.
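
Added example, not part of the thread and not code from commonmarker or commonmarker-rouge: the UNSAFE workaround discussed above lets every raw HTML fragment in the Markdown source through, not only the highlighter's markup, so when the input is untrusted the rendered HTML needs an allowlist pass. The helper name, the allowlist and the sample string are assumptions constructed for illustration.

```ruby
require "cgi"

# Only the elements the highlighter output in this thread uses (div, span,
# pre, code), with at most a class attribute. Assumed allowlist.
ALLOWED_TAG = %r{\A(?:</(?:div|span|pre|code)>|<(?:div|span|pre|code)(?: class="[A-Za-z0-9_ -]+")?>)\z}

# Hypothetical helper: walk the rendered HTML token by token, keep
# allowlisted tags verbatim and HTML-escape every other tag or stray "<".
def keep_highlight_markup_only(html)
  html.scan(/<[^<>]*>|[^<]+|</).map do |token|
    if token.start_with?("<")
      token.match?(ALLOWED_TAG) ? token : CGI.escapeHTML(token)
    else
      token # text run: contains no "<", so it cannot open a tag
    end
  end.join
end

# Constructed sample: the highlighted block from the issue, followed by raw
# HTML that an untrusted Markdown author could add and that UNSAFE would
# pass through unchanged.
SAMPLE_RENDERED = <<~HTML
  <div class="highlighter-rouge language-rb"><span class="n">x</span>
  </div>
  <script>alert(1)</script>
  <span onclick="alert(1)">hi</span>
HTML

puts keep_highlight_markup_only(SAMPLE_RENDERED) if $PROGRAM_NAME == __FILE__
```

In an application this job is normally given to a maintained HTML sanitizer configured with the same allowlist.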
