Vytautas Šaltenis
55bb56bf9b
Merge pull request #55 from rtfb/master
...
Autolink fixes
2014-03-30 19:58:39 +03:00
Vytautas Šaltenis
d643453f1e
Merge pull request #50 from rtfb/master
...
Better protection against JavaScript injection
2014-03-30 19:52:13 +03:00
Graham Miller
d71c759108
add HTML_NOFOLLOW_LINKS
2014-02-25 09:21:57 -05:00
Vytautas Šaltenis
b0bdfbec4c
Fix bug in autolink overescaping html entities
...
If autolink encounters a link which already has an escaped html entity,
it would escape the ampersand again, producing things like these:
& --> &
" --> "
This commit solves that by first looking for all entity-looking things
in the link and copying those ranges verbatim, only considering the rest
of the string for escaping.
Doesn't seem to have considerable performance impact.
The mailto: links are processed the old way.
2014-02-17 21:09:04 +02:00
Vytautas Šaltenis
cc0d56d092
Extract a chain of ifs into separate func
...
This gives a ~10% slowdown of a full test run, which is tolerable.
Switch statement is still slightly slower (~5%). Using map turned out to
be unacceptably slow (~3x slowdown).
2014-02-17 21:09:04 +02:00
Vytautas Šaltenis
31a96c6ce7
go fmt
2014-02-17 21:09:03 +02:00
Vytautas Šaltenis
2f50a53f8e
Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT
2014-01-22 01:23:43 +02:00
Vytautas Šaltenis
55cd82008e
Rewrite protection against JavaScript injection
...
This drops the naive approach at <script> tag stripping and resorts to
full sanitization of html. The general idea (and the regexps) is grabbed
from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in
PageDown, it's implemented as a separate pass over resulting html.
Includes a metric ton (but not all) of test cases from here[2]. Several
are commented out since they don't pass yet.
Stronger (but still incomplete) fix for #11 .
[1] http://code.google.com/p/pagedown/wiki/PageDown
[2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
2014-01-22 01:14:35 +02:00
Vytautas Šaltenis
e02c392dc6
Extract useful code to separate func
2014-01-22 00:45:43 +02:00
David Kitchen
6e6572e913
Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this)
2013-10-16 11:36:33 +01:00
moshee
c23099e5ee
Implementation and some tests for inline footnotes. Also I noticed the list items had the wrong ids, that was silly of me.
2013-07-01 01:37:52 +00:00
moshee
7bdb82c53a
new tests pass but old tests now fail...
2013-06-26 15:57:51 +00:00
moshee
be082a1ef2
First attempt at supporting Pandoc-style footnotes. The existing tests have not broken but the new functionality does not work yet.
2013-06-25 01:18:47 +00:00
Vytautas Šaltenis
8226238289
Improve html element stripping code
2013-04-18 03:15:47 +03:00
Vytautas Šaltenis
dcaaa9b5dc
More <script> stripping
...
Partially addresses issue #11 .
2013-04-13 23:24:30 +03:00
Vytautas Šaltenis
fb923cdb78
Add an option to strip <script> elements
...
Partially addresses issue #11 .
2013-04-13 22:57:16 +03:00
Vytautas Šaltenis
b79e720a36
Make isHtmlTag() case insensitive
2013-04-13 22:34:37 +03:00
Vytautas Šaltenis
a2fda5e98f
Extract repetitive code to a func
2013-04-13 22:26:29 +03:00
Vytautas Šaltenis
d5a8df164b
Fix bug in isHtmlTag()
...
Fix what seems to be a typo. j should iterate through all tagname, so it
should be initialized to zero. The test exposes this bug.
2013-04-13 22:21:47 +03:00
Caleb Spare
a25d9a543f
Fix html tag ordering in doc string.
2012-11-22 12:52:56 -08:00
Caleb Spare
d0d854958e
Fix up method documentation formatting.
2012-11-22 12:12:08 -08:00
moshee
8a86b6d6be
HTML5 doctype, Wrap TOC with <nav>
...
<nav> makes the TOC more easily identifiable and workable with CSS.
2012-10-21 21:23:44 -07:00
Russ Ross
a5441fd99f
updates for go 1
2012-03-07 21:36:31 -07:00
Russ Ross
530123dd9f
additional doc comments
2011-07-07 12:05:29 -06:00
Russ Ross
bb8ee591d1
doc improvements, commenting
2011-07-07 11:56:45 -06:00
Russ Ross
bd60e3691b
removing more redundant checks, additional cleanup of block parsing
2011-07-01 14:13:26 -06:00
Russ Ross
689f6cb79b
more consistent spacing of block-level elements
2011-07-01 11:19:42 -06:00
Russ Ross
ae9562f685
move whitespace stripping to parser, not renderers
2011-06-29 15:38:35 -06:00
Russ Ross
d3c8225096
corner case spacing issue with table of contents
2011-06-29 13:24:15 -06:00
Russ Ross
2aca667078
simplify inline callback interface
2011-06-29 13:00:54 -06:00
Russ Ross
3c6f18afc7
Renderer is now an interface
2011-06-29 11:13:17 -06:00
Russ Ross
793fee5451
preparing for switch to rendering interface
2011-06-29 10:43:10 -06:00
Russ Ross
55697351d0
table of contents support beefed up
2011-06-29 10:36:56 -06:00
Russ Ross
873a60ad49
complete page rendering is now an option in the library
2011-06-29 10:08:56 -06:00
Russ Ross
b1a0318250
refactoring: inline renderers return bools, preparing rendering struct to become an interface
2011-06-28 19:46:35 -06:00
Russ Ross
55cde00c8a
camel case
2011-06-28 16:02:12 -06:00
Russ Ross
fde2c60665
version number, few more options for command-line tool
2011-06-28 11:30:10 -06:00
Russ Ross
f8f70572a4
simplified BSD license
2011-06-27 20:11:32 -06:00
Russ Ross
e22e43bf76
eliminate a buffering level for paragraphs
2011-06-26 17:21:11 -06:00
Russ Ross
ea3d80e2d0
clean up main markdown function: split out first and second passes
2011-06-26 09:51:36 -06:00
Russ Ross
f5e3dc8073
refactoring: newlines as hard breaks changed from HTML option to global markdown option
2011-06-25 15:45:51 -06:00
Russ Ross
812e8d0185
refactoring paragraph rendering
2011-06-25 15:18:34 -06:00
Russ Ross
eff64c563f
reduce copying for lists
2011-06-25 15:02:46 -06:00
Russ Ross
cf97fbd897
experiment: render headers directly to output buffer to avoid a copy; minor speed boost
2011-06-25 08:20:08 -06:00
Russ Ross
45ab8d0dc4
dumb tweak that gives a little speed bump
2011-06-24 21:53:46 -06:00
Russ Ross
44db721708
rewrite of attrEscape: cleaner and faster
2011-06-24 19:11:06 -06:00
Russ Ross
f9b03f67fb
output validates, command-line tool has useful options
2011-06-24 11:50:03 -06:00
Russ Ross
f3386eb849
gofmt
2011-05-31 11:49:49 -06:00
Russ Ross
9d23b68fa5
export all names from Renderer struct
...
This enables new back-ends that are not part of the package
Basically a big search-and-replace for this commit
2011-05-30 21:44:52 -06:00
Russ Ross
679e1686db
performance fix: with autolinking on, it is almost twice as fast now
2011-05-30 15:36:31 -06:00