feat: expose renderMarkdownToHtml on ExtensionManager#10700
Merged
christian-byrne merged 1 commit intoComfy-Org:mainfrom Mar 29, 2026
Merged
Conversation
Add renderMarkdownToHtml to the ExtensionManager interface so custom node extensions can render markdown to sanitized HTML without bundling their own copies of marked/DOMPurify. Both libraries are already bundled in the frontend (marked ^15.0.11, dompurify ^3.2.5) and used internally. This exposes the existing utility function through the official public API surface that extensions already use (app.extensionManager). The function uses marked with GFM support and DOMPurify sanitization, making it safe for direct use with innerHTML.
dosubot
bot
added
the
size:S
Contributor
📝 WalkthroughWalkthroughThe changes expose a markdown-to-HTML rendering utility function through the workspace store API and establish its contract in the ExtensionManager interface. The function accepts markdown text with an optional base URL parameter and returns sanitized HTML via marked and DOMPurify. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
🎭 Playwright: ✅ 768 passed, 0 failed · 3 flaky📊 Browser Reports
|
🎨 Storybook:
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
This was referenced Mar 29, 2026
christian-byrne
added
needs-backport
AustinMroz
approved these changes
Mar 29, 2026
github-actions bot
pushed a commit
that referenced
this pull request
Mar 29, 2026
## Summary Expose `renderMarkdownToHtml()` on the `ExtensionManager` interface so custom node extensions can render markdown to sanitized HTML without bundling their own copies of `marked`/`DOMPurify`. ## Motivation Multiple custom node packs (KJNodes, comfy_mtb, rgthree-comfy) bundle their own markdown rendering libraries to implement help popups on nodes. This causes: - **Cloud breakage**: KJNodes uses a `kjweb_async` pattern (custom aiohttp static route) to lazily load `marked.min.js` and `purify.min.js`. This 404s on Cloud because the custom route is not registered. - **Redundant bundling**: Both `marked` (^15.0.11) and `dompurify` (^3.2.5) are already direct dependencies of the frontend, used internally by `markdownRendererUtil.ts`, `NodePreview.vue`, `WhatsNewPopup.vue`, etc. - **XSS risk**: Custom nodes using raw `marked` without `DOMPurify` could introduce XSS vulnerabilities. By exposing the existing `renderMarkdownToHtml()` through the official `ExtensionManager` API, custom nodes can: ```js const html = app.extensionManager.renderMarkdownToHtml(nodeData.description) ``` ...instead of bundling and loading their own copies. ## Changes - **`src/types/extensionTypes.ts`**: Add `renderMarkdownToHtml(markdown: string, baseUrl?: string): string` to the `ExtensionManager` interface with JSDoc. - **`src/stores/workspaceStore.ts`**: Import and re-export `renderMarkdownToHtml` from `@/utils/markdownRendererUtil`. ## Impact - **Zero bundle size increase** — the function and its dependencies are already bundled in the `vendor-markdown` chunk. - **No breaking changes** — purely additive to the `ExtensionManager` interface. - **Follows existing pattern** — same approach as `toast`, `dialog`, `command`, `setting` on `ExtensionManager`. Related: #TBD (long-term plan for custom node extension library dependencies) ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-10700-feat-expose-renderMarkdownToHtml-on-ExtensionManager-3326d73d36508149bc1dc6bb45e7c077) by [Unito](https://www.unito.io)
github-actions bot
pushed a commit
that referenced
this pull request
Mar 29, 2026
## Summary Expose `renderMarkdownToHtml()` on the `ExtensionManager` interface so custom node extensions can render markdown to sanitized HTML without bundling their own copies of `marked`/`DOMPurify`. ## Motivation Multiple custom node packs (KJNodes, comfy_mtb, rgthree-comfy) bundle their own markdown rendering libraries to implement help popups on nodes. This causes: - **Cloud breakage**: KJNodes uses a `kjweb_async` pattern (custom aiohttp static route) to lazily load `marked.min.js` and `purify.min.js`. This 404s on Cloud because the custom route is not registered. - **Redundant bundling**: Both `marked` (^15.0.11) and `dompurify` (^3.2.5) are already direct dependencies of the frontend, used internally by `markdownRendererUtil.ts`, `NodePreview.vue`, `WhatsNewPopup.vue`, etc. - **XSS risk**: Custom nodes using raw `marked` without `DOMPurify` could introduce XSS vulnerabilities. By exposing the existing `renderMarkdownToHtml()` through the official `ExtensionManager` API, custom nodes can: ```js const html = app.extensionManager.renderMarkdownToHtml(nodeData.description) ``` ...instead of bundling and loading their own copies. ## Changes - **`src/types/extensionTypes.ts`**: Add `renderMarkdownToHtml(markdown: string, baseUrl?: string): string` to the `ExtensionManager` interface with JSDoc. - **`src/stores/workspaceStore.ts`**: Import and re-export `renderMarkdownToHtml` from `@/utils/markdownRendererUtil`. ## Impact - **Zero bundle size increase** — the function and its dependencies are already bundled in the `vendor-markdown` chunk. - **No breaking changes** — purely additive to the `ExtensionManager` interface. - **Follows existing pattern** — same approach as `toast`, `dialog`, `command`, `setting` on `ExtensionManager`. Related: #TBD (long-term plan for custom node extension library dependencies) ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-10700-feat-expose-renderMarkdownToHtml-on-ExtensionManager-3326d73d36508149bc1dc6bb45e7c077) by [Unito](https://www.unito.io)
Member
|
@christian-byrne Successfully backported to #10719 |
Member
|
@christian-byrne Successfully backported to #10720 |
github-actions
bot
removed
the
needs-backport
comfy-pr-bot
added a commit
that referenced
this pull request
Mar 29, 2026
…anager (#10720) Backport of #10700 to `cloud/1.42` Automatically created by backport workflow. ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-10720-backport-cloud-1-42-feat-expose-renderMarkdownToHtml-on-ExtensionManager-3326d73d3650819189fde93d1fe2584b) by [Unito](https://www.unito.io) Co-authored-by: Christian Byrne <cbyrne@comfy.org>
comfy-pr-bot
added a commit
that referenced
this pull request
Mar 29, 2026
…nager (#10719) Backport of #10700 to `core/1.42` Automatically created by backport workflow. ┆Issue is synchronized with this [Notion page](https://www.notion.so/PR-10719-backport-core-1-42-feat-expose-renderMarkdownToHtml-on-ExtensionManager-3326d73d36508124bb21d6b2a5119402) by [Unito](https://www.unito.io) Co-authored-by: Christian Byrne <cbyrne@comfy.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Expose
renderMarkdownToHtml()on theExtensionManagerinterface so custom node extensions can render markdown to sanitized HTML without bundling their own copies ofmarked/DOMPurify.Motivation
Multiple custom node packs (KJNodes, comfy_mtb, rgthree-comfy) bundle their own markdown rendering libraries to implement help popups on nodes. This causes:
kjweb_asyncpattern (custom aiohttp static route) to lazily loadmarked.min.jsandpurify.min.js. This 404s on Cloud because the custom route is not registered.marked(^15.0.11) anddompurify(^3.2.5) are already direct dependencies of the frontend, used internally bymarkdownRendererUtil.ts,NodePreview.vue,WhatsNewPopup.vue, etc.markedwithoutDOMPurifycould introduce XSS vulnerabilities.By exposing the existing
renderMarkdownToHtml()through the officialExtensionManagerAPI, custom nodes can:...instead of bundling and loading their own copies.
Changes
src/types/extensionTypes.ts: AddrenderMarkdownToHtml(markdown: string, baseUrl?: string): stringto theExtensionManagerinterface with JSDoc.src/stores/workspaceStore.ts: Import and re-exportrenderMarkdownToHtmlfrom@/utils/markdownRendererUtil.Impact
vendor-markdownchunk.ExtensionManagerinterface.toast,dialog,command,settingonExtensionManager.Related: #TBD (long-term plan for custom node extension library dependencies)
┆Issue is synchronized with this Notion page by Unito