Martin Probst
7daa6e8b70
Move sanitization tests into their own file.
...
Also adds an explicit test for [link](...) syntax to be sanitized.
2014-05-03 14:37:23 +02:00
Vytautas Šaltenis
7b5191107e
Merge pull request #73 from johnsto/bugfix/fenced-code-append
...
Fix fenced code extension modifying data beyond slice
2014-05-03 15:15:44 +03:00
Vytautas Šaltenis
717a976f69
Merge pull request #76 from mprobst/self-closing
...
feat: Write self-closing tags with a />
2014-05-03 15:11:53 +03:00
Vytautas Šaltenis
643477a051
Merge pull request #75 from mprobst/sanitize_test
...
Avoid raw mode parsing so that tags like <script> don't cause escaping
2014-05-03 15:11:41 +03:00
Martin Probst
55d8f72dde
feat: Write self-closing tags with a />
...
Adds tests for self-closing tags both for correct writing and for correct
sanitization, i.e. stripping attributes on them.
2014-05-03 13:59:10 +02:00
Martin Probst
11e042f6c1
Avoid raw mode parsing so that raw mode tags like <script> don't cause issues.
...
Certain tags like <script> but also <title> and others switch an HTML5 parser
into raw mode, which causes the rest of the HTML string to be always parsed as
text, including any elements or entities that we do want to support (e.g. <p>).
As we're going to escape any of the raw text elements anyway (it's e.g. script,
style, title, xmp, noframes, and a couple of others) we can just switch of raw
text parsing by disabling it after each starting tag.
2014-05-03 13:26:52 +02:00
Vytautas Šaltenis
50b8e0370b
Merge pull request #74 from mprobst/sanitize_test
...
Add a test for the correct handling of escaped entities in HTML.
2014-05-03 13:58:03 +03:00
Martin Probst
915f7049a0
Add a test for the correct handling of escaped entities in HTML.
...
The sanitization code does not retain any particular escaped entities - it
parses the HTML and thus loses the information on what entities were in the
original. The result is correct UTF-8 HTML though.
2014-05-03 12:34:16 +02:00
Dave Johnston
baebdee6de
Avoid double alloc
2014-05-03 08:52:18 +01:00
Dave Johnston
852c1967b9
Fix fenced code extn modifying data beyond slice
2014-05-02 23:05:06 +01:00
Vytautas Šaltenis
c76eb63418
Merge pull request #71 from mprobst/master
...
Add support for a bunch more safe HTML element tags, and bring them into...
2014-05-02 00:55:47 +03:00
Martin Probst
8d2af3a21b
Add support for a bunch more safe HTML element tags, and bring them into some order.
2014-05-01 22:08:32 +02:00
Vytautas Šaltenis
aeb569ff46
Merge pull request #70 from mprobst/master
...
fix: Handle all different token types that the parser can emit (d'oh).
2014-05-01 21:59:07 +03:00
Martin Probst
f9b7593e65
fix: Handle all different token types that the parser can emit (d'oh).
2014-05-01 20:55:53 +02:00
Vytautas Šaltenis
60ba757eaa
Merge branch 'gihnius-master'
2014-05-01 21:46:51 +03:00
Vytautas Šaltenis
3dba5bc56e
Merge branch 'master' of github.com:gihnius/blackfriday into gihnius-master
...
Conflicts:
html.go
inline_test.go
2014-05-01 21:43:42 +03:00
Vytautas Šaltenis
b44be78459
Allow rel attribute in sanitizer
...
Fixes issue #68 .
2014-05-01 20:49:49 +03:00
Vytautas Šaltenis
b54984b711
Merge pull request #69 from mprobst/master
...
Use go.net/html's parser to sanitize HTML.
2014-05-01 20:47:17 +03:00
Martin Probst
41251715ad
Use go.net/html's parser to sanitize HTML.
...
Use an HTML5 compliant parser that interprets HTML as a browser would to parse
the Markdown result and then sanitize based on the result.
Escape unrecognized and disallowed HTML in the result.
Currently works with a hard coded whitelist of safe HTML tags and attributes.
2014-04-27 23:40:44 +02:00
Vytautas Šaltenis
3ca168f879
Merge pull request #64 from willnix/master
...
Add table tags to the whitelist.
2014-04-20 23:15:54 +03:00
willnix
be9cbc634a
tagWhitelist allows alignment attribute now
...
This is the closest I could get to removing everything "unsave" without introducing an additional regex.
2014-04-19 21:59:04 +00:00
willnix
c1e4996787
Add table tags to the whitelist.
...
Fixing:
55cd82008e
This commit introduced a html tag whitelist which does not include any table tags (<td>,<tr>,<thead>...). Therefore even tables the markdown parser itself generated will be removed.
2014-04-17 15:44:40 +00:00
Vytautas Šaltenis
9c7cf8b1b7
Merge pull request #61 from shurcooL/feature/dont-expand-tabs-inside-fenced-code-blocks
...
Don't expand tabs inside fenced code blocks.
2014-04-13 10:56:02 +03:00
Dmitri Shuralyov
ad246ef7a5
Don't expand tabs inside fenced code blocks.
...
Still do normalize newlines inside fenced code blocks.
2014-04-12 14:45:25 -07:00
Vytautas Šaltenis
5bcdd5eb7f
Merge pull request #60 from shurcooL/fix/fenced-code-block-extra-newline
...
Fix for potential extra newline added inside fenced code blocks.
2014-04-12 21:58:08 +03:00
Dmitri Shuralyov
8df342acd5
Fix bug where newlines were inserted inside fenced code blocks.
...
Change firstPass() code that checks for fenced code blocks to check all
of them and properly keep track of lastFencedCodeBlockEnd.
This way, it won't misinterpret the end of a fenced code block as a
beginning of a new one.
2014-04-11 21:27:28 -07:00
Dmitri Shuralyov
ef2a2b02dc
Add failing test for an issue introduced by PR #56 .
...
The issue is that when there are more than 1 fenced code blocks with a
blank line before and after, the parser introduces a single extra new
line to all the fenced code blocks except the last one.
2014-04-11 19:54:55 -07:00
Vytautas Šaltenis
c5ece173ad
Merge pull request #59 from johnsto/master
...
Header ID specifiers
2014-04-11 21:31:27 +03:00
Vytautas Šaltenis
1fd57a277b
Merge pull request #56 from muhqu/issue/45
...
Fix for Fenced Code Blocks without a blank line before
2014-04-08 13:00:13 +03:00
Mathias Leppich
cb288d6b5d
Revert "add an infinity-loop detection to block-level parsing"
...
This reverts commit 0c62e28e90
.
2014-04-08 11:51:17 +02:00
Dave Johnston
924064f3f7
Also support header IDs in ## headers ##
2014-04-06 10:30:40 +01:00
Dave Johnston
7ad5f9c119
Correctly emit trailing header ID brace
2014-04-05 20:59:03 +01:00
Dave Johnston
cf01a94556
Add Header IDs to default extensions
2014-04-05 20:45:57 +01:00
Dave Johnston
2dff0864f0
Add header ID support and tests: # Header {#myid}
2014-04-05 20:42:58 +01:00
Vytautas Šaltenis
78dbffcfb7
Merge pull request #58 from aspic/master
...
Explicit return byte array at end of function.
2014-04-05 21:48:09 +03:00
Kjetil Mehl
786aed6213
Explicit return byte array at end of function.
2014-04-05 16:59:28 +02:00
Mathias Leppich
17ca261449
optimisation: only fix fenced code blocks if the extensions parser flag is set... ;-)
2014-04-01 23:20:18 +02:00
Mathias Leppich
093273323a
out-comment stderr debug output
2014-03-30 22:40:43 +02:00
Mathias Leppich
ec90dd0fc4
add some stderr output to reference stress tests
2014-03-30 22:40:43 +02:00
Mathias Leppich
cd3fa08cb1
fix issue #45 : 'Fenced Code Blocks without a blank line before'
...
Add missing newline between paragraph and fenced code block within `firstPass()`.
2014-03-30 22:40:43 +02:00
Mathias Leppich
a4274bba51
add error message when panic has been raised within doTestsBlock()
2014-03-30 22:40:43 +02:00
Mathias Leppich
0c62e28e90
add an infinity-loop detection to block-level parsing
2014-03-30 22:40:43 +02:00
Mathias Leppich
d4c367a949
add test cases for issue #45
2014-03-30 22:40:43 +02:00
Vytautas Šaltenis
55bb56bf9b
Merge pull request #55 from rtfb/master
...
Autolink fixes
2014-03-30 19:58:39 +03:00
Vytautas Šaltenis
d643453f1e
Merge pull request #50 from rtfb/master
...
Better protection against JavaScript injection
2014-03-30 19:52:13 +03:00
gihnius
c9977f0c0b
test: add nofollow ref for non internal links only
2014-03-21 11:17:31 +08:00
gihnius
93484b1424
add nofollow ref for non internal links only
2014-03-21 11:14:58 +08:00
gihnius
ecf59d4a55
add target blank attr
2014-03-21 10:52:46 +08:00
Vytautas Šaltenis
e078bb8ec3
Merge pull request #52 from laslowh/master
...
add HTML_NOFOLLOW_LINKS
2014-03-10 21:47:35 +02:00
Graham Miller
d71c759108
add HTML_NOFOLLOW_LINKS
2014-02-25 09:21:57 -05:00