Reintroduce TFE duration metadata: DB columns, form fields, controllers, views, and migration

Add 'unsafe-eval' to CSP script-src directives (htmx requires Function())

app/src/MarkdownHelper.php

@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Shared markdown utilities.
+ */
+class MarkdownHelper
+{
+    /**
+     * Extract h1–h3 headings from raw markdown content as TOC items.
+     *
+     * Each heading gets an anchor id matching CommonMark's default slugification
+     * (lowercase, spaces → hyphens, punctuation stripped).
+     *
+     * @return array<int, array{label: string, href: string}>
+     */
+    public static function extractToc(string $content): array
+    {
+        $items = [];
+        $lines = explode("\n", $content);
+        foreach ($lines as $line) {
+            if (preg_match('/^#{1,3}\s+(.+)$/', $line, $m)) {
+                $label = trim($m[1]);
+                // Replicate CommonMark's default heading ID generation:
+                // lowercase, strip non-word chars (except hyphens/spaces), spaces→hyphens
+                $id = strtolower($label);
+                $id = preg_replace('/[^\w\s-]/u', '', $id);
+                $id = preg_replace('/\s+/', '-', $id);
+                $id = trim($id, '-');
+                $items[] = ['label' => $label, 'href' => '#' . $id];
+            }
+        }
+        return $items;
+    }
+}