blackfriday

mirror of https://github.com/russross/blackfriday.git synced 2024-03-22 13:40:34 +08:00

Author	SHA1	Message	Date
Vytautas Šaltenis	2f50a53f8e	Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT	2014-01-22 01:23:43 +02:00
Vytautas Šaltenis	55cd82008e	Rewrite protection against JavaScript injection This drops the naive approach at <script> tag stripping and resorts to full sanitization of html. The general idea (and the regexps) is grabbed from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in PageDown, it's implemented as a separate pass over resulting html. Includes a metric ton (but not all) of test cases from here[2]. Several are commented out since they don't pass yet. Stronger (but still incomplete) fix for #11. [1] http://code.google.com/p/pagedown/wiki/PageDown [2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet	2014-01-22 01:14:35 +02:00
Darren Coxall	607ec21435	Tests for links when using HTML_SAFELINK	2013-12-19 10:00:47 +00:00
Russ Ross	ca82b8db3a	panic fix (issue #33 ) with test case	2013-09-11 12:47:43 -06:00
Alex Xandra Albert Sim	da8f2753e2	Added test for link inside image	2013-09-09 12:51:20 +07:00
athom	31798e0eab	add testcase for GFM autolink	2013-08-09 17:24:26 +08:00
moshee	3ea84a5811	parser no longer returns prematurely from empty footnote ref	2013-07-08 22:34:12 +00:00
moshee	1a73bae554	added slice bounds check	2013-07-08 06:54:25 +00:00
moshee	c23099e5ee	Implementation and some tests for inline footnotes. Also I noticed the list items had the wrong ids, that was silly of me.	2013-07-01 01:37:52 +00:00
moshee	7bdb82c53a	new tests pass but old tests now fail...	2013-06-26 15:57:51 +00:00
moshee	be082a1ef2	First attempt at supporting Pandoc-style footnotes. The existing tests have not broken but the new functionality does not work yet.	2013-06-25 01:18:47 +00:00
Vytautas Šaltenis	8226238289	Improve html element stripping code	2013-04-18 03:15:47 +03:00
Vytautas Šaltenis	85e2207cd0	Couple more tests	2013-04-14 01:42:47 +03:00
Vytautas Šaltenis	dcaaa9b5dc	More <script> stripping Partially addresses issue #11.	2013-04-13 23:24:30 +03:00
Vytautas Šaltenis	fb923cdb78	Add an option to strip <script> elements Partially addresses issue #11.	2013-04-13 22:57:16 +03:00
Vytautas Šaltenis	b79e720a36	Make isHtmlTag() case insensitive	2013-04-13 22:34:37 +03:00
Vytautas Šaltenis	d5a8df164b	Fix bug in isHtmlTag() Fix what seems to be a typo. j should iterate through all tagname, so it should be initialized to zero. The test exposes this bug.	2013-04-13 22:21:47 +03:00
Vytautas Šaltenis	90509d39d4	Make a way to parameterize inline tests Expose extensions and html flags parameters so that tests could specify what code paths they want to exercise.	2013-04-13 22:18:14 +03:00
Russ Ross	e35b4b66cc	bounds checking stress tests	2011-07-03 10:51:07 -06:00
Russ Ross	ae9562f685	move whitespace stripping to parser, not renderers	2011-06-29 15:38:35 -06:00
Russ Ross	2aca667078	simplify inline callback interface	2011-06-29 13:00:54 -06:00
Russ Ross	873a60ad49	complete page rendering is now an option in the library	2011-06-29 10:08:56 -06:00
Russ Ross	c969dff782	added simplified interface for common usage	2011-06-28 15:55:27 -06:00
Russ Ross	fde2c60665	version number, few more options for command-line tool	2011-06-28 11:30:10 -06:00
Russ Ross	f8f70572a4	simplified BSD license	2011-06-27 20:11:32 -06:00
Russ Ross	c8f7e789d4	more robust whitespace stripping and matching corrections to tests	2011-06-27 16:06:16 -06:00
Russ Ross	9a0217f7aa	fixed minor bugs uncovered by more testing	2011-06-27 14:35:11 -06:00
Russ Ross	3af64a90ad	fixed headers nested in lists, added prefix header unit tests	2011-06-27 10:13:13 -06:00
Russ Ross	be0fb4602b	more inline unit tests	2011-06-24 16:39:50 -06:00
Russ Ross	1e40ebaf47	unit test for linebreaks	2011-06-01 18:52:55 -06:00
Russ Ross	2abc3af015	starting inline unit tests, fix a few minor bugs they exposed	2011-06-01 12:17:17 -06:00

31 Commits