StarMirror/blackfriday
1
0
Fork 0
mirror of https://github.com/russross/blackfriday.git synced 2024-03-22 13:40:34 +08:00
Code Issues Projects Releases Wiki Activity
159 Commits 8 Branches 14 Tags 3.7 MiB
31a96c6ce7
Commit Graph

49 Commits

Author SHA1 Message Date
Vytautas Šaltenis
31a96c6ce7 go fmt 2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
2f50a53f8e Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT 2014-01-22 01:23:43 +02:00
Vytautas Šaltenis
55cd82008e Rewrite protection against JavaScript injection 
This drops the naive approach at <script> tag stripping and resorts to
full sanitization of html. The general idea (and the regexps) is grabbed
from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in
PageDown, it's implemented as a separate pass over resulting html.

Includes a metric ton (but not all) of test cases from here[2]. Several
are commented out since they don't pass yet.

Stronger (but still incomplete) fix for #11.

[1] http://code.google.com/p/pagedown/wiki/PageDown
[2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
 2014-01-22 01:14:35 +02:00
Vytautas Šaltenis
e02c392dc6 Extract useful code to separate func 2014-01-22 00:45:43 +02:00
David Kitchen
6e6572e913 Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this) 2013-10-16 11:36:33 +01:00
moshee
c23099e5ee Implementation and some tests for inline footnotes. Also I noticed the list items had the wrong ids, that was silly of me. 2013-07-01 01:37:52 +00:00
moshee
7bdb82c53a new tests pass but old tests now fail... 2013-06-26 15:57:51 +00:00
moshee
be082a1ef2 First attempt at supporting Pandoc-style footnotes. The existing tests have not broken but the new functionality does not work yet. 2013-06-25 01:18:47 +00:00
Vytautas Šaltenis
8226238289 Improve html element stripping code 2013-04-18 03:15:47 +03:00
Vytautas Šaltenis
dcaaa9b5dc More <script> stripping 
Partially addresses issue #11.
 2013-04-13 23:24:30 +03:00
Vytautas Šaltenis
fb923cdb78 Add an option to strip <script> elements 
Partially addresses issue #11.
 2013-04-13 22:57:16 +03:00
Vytautas Šaltenis
b79e720a36 Make isHtmlTag() case insensitive 2013-04-13 22:34:37 +03:00
Vytautas Šaltenis
a2fda5e98f Extract repetitive code to a func 2013-04-13 22:26:29 +03:00
Vytautas Šaltenis
d5a8df164b Fix bug in isHtmlTag() 
Fix what seems to be a typo. j should iterate through all tagname, so it
should be initialized to zero. The test exposes this bug.
 2013-04-13 22:21:47 +03:00
Caleb Spare
a25d9a543f Fix html tag ordering in doc string. 2012-11-22 12:52:56 -08:00
Caleb Spare
d0d854958e Fix up method documentation formatting. 2012-11-22 12:12:08 -08:00
moshee
8a86b6d6be HTML5 doctype, Wrap TOC with <nav> 
<nav> makes the TOC more easily identifiable and workable with CSS.
 2012-10-21 21:23:44 -07:00
Russ Ross
a5441fd99f updates for go 1 2012-03-07 21:36:31 -07:00
Russ Ross
530123dd9f additional doc comments 2011-07-07 12:05:29 -06:00
Russ Ross
bb8ee591d1 doc improvements, commenting 2011-07-07 11:56:45 -06:00
Russ Ross
bd60e3691b removing more redundant checks, additional cleanup of block parsing 2011-07-01 14:13:26 -06:00
Russ Ross
689f6cb79b more consistent spacing of block-level elements 2011-07-01 11:19:42 -06:00
Russ Ross
ae9562f685 move whitespace stripping to parser, not renderers 2011-06-29 15:38:35 -06:00
Russ Ross
d3c8225096 corner case spacing issue with table of contents 2011-06-29 13:24:15 -06:00
Russ Ross
2aca667078 simplify inline callback interface 2011-06-29 13:00:54 -06:00
Russ Ross
3c6f18afc7 Renderer is now an interface 2011-06-29 11:13:17 -06:00
Russ Ross
793fee5451 preparing for switch to rendering interface 2011-06-29 10:43:10 -06:00
Russ Ross
55697351d0 table of contents support beefed up 2011-06-29 10:36:56 -06:00
Russ Ross
873a60ad49 complete page rendering is now an option in the library 2011-06-29 10:08:56 -06:00
Russ Ross
b1a0318250 refactoring: inline renderers return bools, preparing rendering struct to become an interface 2011-06-28 19:46:35 -06:00
Russ Ross
55cde00c8a camel case 2011-06-28 16:02:12 -06:00
Russ Ross
fde2c60665 version number, few more options for command-line tool 2011-06-28 11:30:10 -06:00
Russ Ross
f8f70572a4 simplified BSD license 2011-06-27 20:11:32 -06:00
Russ Ross
e22e43bf76 eliminate a buffering level for paragraphs 2011-06-26 17:21:11 -06:00
Russ Ross
ea3d80e2d0 clean up main markdown function: split out first and second passes 2011-06-26 09:51:36 -06:00
Russ Ross
f5e3dc8073 refactoring: newlines as hard breaks changed from HTML option to global markdown option 2011-06-25 15:45:51 -06:00
Russ Ross
812e8d0185 refactoring paragraph rendering 2011-06-25 15:18:34 -06:00
Russ Ross
eff64c563f reduce copying for lists 2011-06-25 15:02:46 -06:00
Russ Ross
cf97fbd897 experiment: render headers directly to output buffer to avoid a copy; minor speed boost 2011-06-25 08:20:08 -06:00
Russ Ross
45ab8d0dc4 dumb tweak that gives a little speed bump 2011-06-24 21:53:46 -06:00
Russ Ross
44db721708 rewrite of attrEscape: cleaner and faster 2011-06-24 19:11:06 -06:00
Russ Ross
f9b03f67fb output validates, command-line tool has useful options 2011-06-24 11:50:03 -06:00
Russ Ross
f3386eb849 gofmt 2011-05-31 11:49:49 -06:00
Russ Ross
9d23b68fa5 export all names from Renderer struct 
This enables new back-ends that are not part of the package
Basically a big search-and-replace for this commit
 2011-05-30 21:44:52 -06:00
Russ Ross
679e1686db performance fix: with autolinking on, it is almost twice as fast now 2011-05-30 15:36:31 -06:00
Russ Ross
ee3fe99203 rudimentary latex backend, additional cleanup 2011-05-30 11:06:20 -06:00
Russ Ross
81cefb5e7c split parser into multiple files, clean up naming 2011-05-29 17:00:31 -06:00
Russ Ross
4e2d6a50a7 cleanup in markdown: better naming, misc fixes 2011-05-29 11:43:18 -06:00
Russ Ross
965748ad3d refactored into a proper package 2011-05-28 21:17:53 -06:00