StarMirror
/
blackfriday
mirror of https://github.com/russross/blackfriday
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
435 Commits
8 Branches
14 Tags
3.7 MiB
Commit Graph

435 Commits (master)

Author SHA1 Message Date
Vytautas Šaltenis 1fd57a277b Merge pull request #56 from muhqu/issue/45 
Fix for Fenced Code Blocks without a blank line before
 2014-04-08 13:00:13 +03:00
Mathias Leppich cb288d6b5d Revert "add an infinity-loop detection to block-level parsing" 
This reverts commit 0c62e28e90.
 2014-04-08 11:51:17 +02:00
Dave Johnston 924064f3f7 Also support header IDs in ## headers ## 2014-04-06 10:30:40 +01:00
Dave Johnston 7ad5f9c119 Correctly emit trailing header ID brace 2014-04-05 20:59:03 +01:00
Dave Johnston cf01a94556 Add Header IDs to default extensions 2014-04-05 20:45:57 +01:00
Dave Johnston 2dff0864f0 Add header ID support and tests: # Header {#myid} 2014-04-05 20:42:58 +01:00
Vytautas Šaltenis 78dbffcfb7 Merge pull request #58 from aspic/master 
Explicit return byte array at end of function.
 2014-04-05 21:48:09 +03:00
Kjetil Mehl 786aed6213 Explicit return byte array at end of function. 2014-04-05 16:59:28 +02:00
Mathias Leppich 17ca261449 optimisation: only fix fenced code blocks if the extensions parser flag is set... ;-) 2014-04-01 23:20:18 +02:00
Mathias Leppich 093273323a out-comment stderr debug output 2014-03-30 22:40:43 +02:00
Mathias Leppich ec90dd0fc4 add some stderr output to reference stress tests 2014-03-30 22:40:43 +02:00
Mathias Leppich cd3fa08cb1 fix issue #45: 'Fenced Code Blocks without a blank line before' 
Add missing newline between paragraph and fenced code block within `firstPass()`.
 2014-03-30 22:40:43 +02:00
Mathias Leppich a4274bba51 add error message when panic has been raised within `doTestsBlock()` 2014-03-30 22:40:43 +02:00
Mathias Leppich 0c62e28e90 add an infinity-loop detection to block-level parsing 2014-03-30 22:40:43 +02:00
Mathias Leppich d4c367a949 add test cases for issue #45 2014-03-30 22:40:43 +02:00
Vytautas Šaltenis 55bb56bf9b Merge pull request #55 from rtfb/master 
Autolink fixes
 2014-03-30 19:58:39 +03:00
Vytautas Šaltenis d643453f1e Merge pull request #50 from rtfb/master 
Better protection against JavaScript injection
 2014-03-30 19:52:13 +03:00
gihnius c9977f0c0b test: add nofollow ref for non internal links only 2014-03-21 11:17:31 +08:00
gihnius 93484b1424 add nofollow ref for non internal links only 2014-03-21 11:14:58 +08:00
gihnius ecf59d4a55 add target blank attr 2014-03-21 10:52:46 +08:00
Vytautas Šaltenis e078bb8ec3 Merge pull request #52 from laslowh/master 
add HTML_NOFOLLOW_LINKS
 2014-03-10 21:47:35 +02:00
Graham Miller d71c759108 add HTML_NOFOLLOW_LINKS 2014-02-25 09:21:57 -05:00
Vytautas Šaltenis e5937643a9 Fix bug in autolink with trailing semicolon 
In case the link ends with escaped html entity, the semicolon is a part
of the link and should not be interpreted as punctuation.
 2014-02-17 21:09:04 +02:00
Vytautas Šaltenis b0bdfbec4c Fix bug in autolink overescaping html entities 
If autolink encounters a link which already has an escaped html entity,
it would escape the ampersand again, producing things like these:
    &  --> &
    " --> "
This commit solves that by first looking for all entity-looking things
in the link and copying those ranges verbatim, only considering the rest
of the string for escaping.
Doesn't seem to have considerable performance impact.
The mailto: links are processed the old way.
 2014-02-17 21:09:04 +02:00
Vytautas Šaltenis cc0d56d092 Extract a chain of ifs into separate func 
This gives a ~10% slowdown of a full test run, which is tolerable.
Switch statement is still slightly slower (~5%). Using map turned out to
be unacceptably slow (~3x slowdown).
 2014-02-17 21:09:04 +02:00
Vytautas Šaltenis 84ee8e62f6 Add a note about JavaScript injections to README 2014-02-17 21:09:03 +02:00
Vytautas Šaltenis 31a96c6ce7 go fmt 2014-02-17 21:09:03 +02:00
Vytautas Šaltenis f2d43f69a4 Fix bug in autolink termination 
Detect the end of link when it is immediately followed by an element.
 2014-02-17 21:09:03 +02:00
Vytautas Šaltenis 9fc8c9d866 Fix bug with overzealous autolink processing 
When the source Markdown contains an anchor tag with URL as link text
(i.e. <a href=...>http://foo.bar</a>), autolink converts that link text
into another anchor tag, which is nonsense. Detect this situation with
regexp and early exit autolink processing.
 2014-02-17 21:09:03 +02:00
Vytautas Šaltenis 2f50a53f8e Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT 2014-01-22 01:23:43 +02:00
Vytautas Šaltenis 55cd82008e Rewrite protection against JavaScript injection 
This drops the naive approach at <script> tag stripping and resorts to
full sanitization of html. The general idea (and the regexps) is grabbed
from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in
PageDown, it's implemented as a separate pass over resulting html.

Includes a metric ton (but not all) of test cases from here[2]. Several
are commented out since they don't pass yet.

Stronger (but still incomplete) fix for #11.

[1] http://code.google.com/p/pagedown/wiki/PageDown
[2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
 2014-01-22 01:14:35 +02:00
Vytautas Šaltenis e02c392dc6 Extract useful code to separate func 2014-01-22 00:45:43 +02:00
Vytautas Šaltenis 5405274d99 Merge pull request #44 from FreakyDazio/safe-relatives 
Relative URIs are considered safe
 2014-01-08 11:51:13 -08:00
Vytautas Šaltenis 0c38d23ca2 Merge pull request #43 from microcosm-cc/master 
Cells in THEAD > TR are now TH.
 2014-01-08 11:46:30 -08:00
Darren Coxall 607ec21435 Tests for links when using HTML_SAFELINK 2013-12-19 10:00:47 +00:00
Darren Coxall 59358adea8 Relative URIs are considered safe 2013-12-09 14:41:37 +00:00
Russ Ross d0e587acc8 Change GOROOT references to GOPATH in README 2013-11-21 08:47:41 -07:00
David Kitchen 5b954f1f77 Updated tests to check for th tags instead of td tags within thead blocks 2013-10-17 10:35:44 +01:00
David Kitchen 6e6572e913 Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this) 2013-10-16 11:36:33 +01:00
Russ Ross 48d1f9d9cc fix smartypants to pass single backticks through, issue #38 2013-10-01 13:55:34 -06:00
athom 4c11f72496 allow \~ to escape as ~ 2013-10-01 16:14:04 +08:00
Russ Ross ca82b8db3a panic fix (issue #33) with test case 2013-09-11 12:47:43 -06:00
Lancee 472fe3a756 Merge pull request #32 from bertzzie/master 
Enable Parsing Inside a Link
 2013-09-08 23:16:18 -07:00
Alex Xandra Albert Sim e250348279 Image inside a link now works. 2013-09-09 12:51:46 +07:00
Alex Xandra Albert Sim da8f2753e2 Added test for link inside image 2013-09-09 12:51:20 +07:00
Vytautas Šaltenis 3f24fadb28 Merge pull request #31 from aybabtme/patch-1 
Fix typo.
 2013-09-01 11:56:32 -07:00
Antoine Grondin bd3e6c9492 Fix typo. 2013-09-01 10:59:06 -07:00
Russ Ross d4bdd8db21 update license language to match OSI 2013-08-14 07:43:17 -06:00
Vytautas Šaltenis 8395200adf Merge pull request #29 from athom/master 
add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM
 2013-08-10 13:13:13 -07:00
athom 31798e0eab add testcase for GFM autolink 2013-08-09 17:24:26 +08:00