Vytautas Šaltenis
1fd57a277b
Merge pull request #56 from muhqu/issue/45
...
Fix for Fenced Code Blocks without a blank line before
2014-04-08 13:00:13 +03:00
Mathias Leppich
cb288d6b5d
Revert "add an infinity-loop detection to block-level parsing"
...
This reverts commit 0c62e28e90
.
2014-04-08 11:51:17 +02:00
Dave Johnston
924064f3f7
Also support header IDs in ## headers ##
2014-04-06 10:30:40 +01:00
Dave Johnston
7ad5f9c119
Correctly emit trailing header ID brace
2014-04-05 20:59:03 +01:00
Dave Johnston
cf01a94556
Add Header IDs to default extensions
2014-04-05 20:45:57 +01:00
Dave Johnston
2dff0864f0
Add header ID support and tests: # Header {#myid}
2014-04-05 20:42:58 +01:00
Vytautas Šaltenis
78dbffcfb7
Merge pull request #58 from aspic/master
...
Explicit return byte array at end of function.
2014-04-05 21:48:09 +03:00
Kjetil Mehl
786aed6213
Explicit return byte array at end of function.
2014-04-05 16:59:28 +02:00
Mathias Leppich
17ca261449
optimisation: only fix fenced code blocks if the extensions parser flag is set... ;-)
2014-04-01 23:20:18 +02:00
Mathias Leppich
093273323a
out-comment stderr debug output
2014-03-30 22:40:43 +02:00
Mathias Leppich
ec90dd0fc4
add some stderr output to reference stress tests
2014-03-30 22:40:43 +02:00
Mathias Leppich
cd3fa08cb1
fix issue #45 : 'Fenced Code Blocks without a blank line before'
...
Add missing newline between paragraph and fenced code block within `firstPass()`.
2014-03-30 22:40:43 +02:00
Mathias Leppich
a4274bba51
add error message when panic has been raised within doTestsBlock()
2014-03-30 22:40:43 +02:00
Mathias Leppich
0c62e28e90
add an infinity-loop detection to block-level parsing
2014-03-30 22:40:43 +02:00
Mathias Leppich
d4c367a949
add test cases for issue #45
2014-03-30 22:40:43 +02:00
Vytautas Šaltenis
55bb56bf9b
Merge pull request #55 from rtfb/master
...
Autolink fixes
2014-03-30 19:58:39 +03:00
Vytautas Šaltenis
d643453f1e
Merge pull request #50 from rtfb/master
...
Better protection against JavaScript injection
2014-03-30 19:52:13 +03:00
gihnius
c9977f0c0b
test: add nofollow ref for non internal links only
2014-03-21 11:17:31 +08:00
gihnius
93484b1424
add nofollow ref for non internal links only
2014-03-21 11:14:58 +08:00
gihnius
ecf59d4a55
add target blank attr
2014-03-21 10:52:46 +08:00
Vytautas Šaltenis
e078bb8ec3
Merge pull request #52 from laslowh/master
...
add HTML_NOFOLLOW_LINKS
2014-03-10 21:47:35 +02:00
Graham Miller
d71c759108
add HTML_NOFOLLOW_LINKS
2014-02-25 09:21:57 -05:00
Vytautas Šaltenis
e5937643a9
Fix bug in autolink with trailing semicolon
...
In case the link ends with escaped html entity, the semicolon is a part
of the link and should not be interpreted as punctuation.
2014-02-17 21:09:04 +02:00
Vytautas Šaltenis
b0bdfbec4c
Fix bug in autolink overescaping html entities
...
If autolink encounters a link which already has an escaped html entity,
it would escape the ampersand again, producing things like these:
& --> &
" --> "
This commit solves that by first looking for all entity-looking things
in the link and copying those ranges verbatim, only considering the rest
of the string for escaping.
Doesn't seem to have considerable performance impact.
The mailto: links are processed the old way.
2014-02-17 21:09:04 +02:00
Vytautas Šaltenis
cc0d56d092
Extract a chain of ifs into separate func
...
This gives a ~10% slowdown of a full test run, which is tolerable.
Switch statement is still slightly slower (~5%). Using map turned out to
be unacceptably slow (~3x slowdown).
2014-02-17 21:09:04 +02:00
Vytautas Šaltenis
84ee8e62f6
Add a note about JavaScript injections to README
2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
31a96c6ce7
go fmt
2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
f2d43f69a4
Fix bug in autolink termination
...
Detect the end of link when it is immediately followed by an element.
2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
9fc8c9d866
Fix bug with overzealous autolink processing
...
When the source Markdown contains an anchor tag with URL as link text
(i.e. <a href=...>http://foo.bar </a>), autolink converts that link text
into another anchor tag, which is nonsense. Detect this situation with
regexp and early exit autolink processing.
2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
2f50a53f8e
Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT
2014-01-22 01:23:43 +02:00
Vytautas Šaltenis
55cd82008e
Rewrite protection against JavaScript injection
...
This drops the naive approach at <script> tag stripping and resorts to
full sanitization of html. The general idea (and the regexps) is grabbed
from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in
PageDown, it's implemented as a separate pass over resulting html.
Includes a metric ton (but not all) of test cases from here[2]. Several
are commented out since they don't pass yet.
Stronger (but still incomplete) fix for #11 .
[1] http://code.google.com/p/pagedown/wiki/PageDown
[2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
2014-01-22 01:14:35 +02:00
Vytautas Šaltenis
e02c392dc6
Extract useful code to separate func
2014-01-22 00:45:43 +02:00
Vytautas Šaltenis
5405274d99
Merge pull request #44 from FreakyDazio/safe-relatives
...
Relative URIs are considered safe
2014-01-08 11:51:13 -08:00
Vytautas Šaltenis
0c38d23ca2
Merge pull request #43 from microcosm-cc/master
...
Cells in THEAD > TR are now TH.
2014-01-08 11:46:30 -08:00
Darren Coxall
607ec21435
Tests for links when using HTML_SAFELINK
2013-12-19 10:00:47 +00:00
Darren Coxall
59358adea8
Relative URIs are considered safe
2013-12-09 14:41:37 +00:00
Russ Ross
d0e587acc8
Change GOROOT references to GOPATH in README
2013-11-21 08:47:41 -07:00
David Kitchen
5b954f1f77
Updated tests to check for th tags instead of td tags within thead blocks
2013-10-17 10:35:44 +01:00
David Kitchen
6e6572e913
Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this)
2013-10-16 11:36:33 +01:00
Russ Ross
48d1f9d9cc
fix smartypants to pass single backticks through, issue #38
2013-10-01 13:55:34 -06:00
athom
4c11f72496
allow \~ to escape as ~
2013-10-01 16:14:04 +08:00
Russ Ross
ca82b8db3a
panic fix (issue #33 ) with test case
2013-09-11 12:47:43 -06:00
Lancee
472fe3a756
Merge pull request #32 from bertzzie/master
...
Enable Parsing Inside a Link
2013-09-08 23:16:18 -07:00
Alex Xandra Albert Sim
e250348279
Image inside a link now works.
2013-09-09 12:51:46 +07:00
Alex Xandra Albert Sim
da8f2753e2
Added test for link inside image
2013-09-09 12:51:20 +07:00
Vytautas Šaltenis
3f24fadb28
Merge pull request #31 from aybabtme/patch-1
...
Fix typo.
2013-09-01 11:56:32 -07:00
Antoine Grondin
bd3e6c9492
Fix typo.
2013-09-01 10:59:06 -07:00
Russ Ross
d4bdd8db21
update license language to match OSI
2013-08-14 07:43:17 -06:00
Vytautas Šaltenis
8395200adf
Merge pull request #29 from athom/master
...
add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM
2013-08-10 13:13:13 -07:00
athom
31798e0eab
add testcase for GFM autolink
2013-08-09 17:24:26 +08:00