StarMirror/blackfriday
1
0
Fork 0
mirror of https://github.com/russross/blackfriday.git synced 2024-03-22 13:40:34 +08:00
Code Issues Projects Releases Wiki Activity
215 Commits 8 Branches 14 Tags 3.7 MiB
f3ab1849e6
Commit Graph

7 Commits

Author SHA1 Message Date
Vytautas Šaltenis
717a976f69 Merge pull request #76 from mprobst/self-closing 
feat: Write self-closing tags with a />
 2014-05-03 15:11:53 +03:00
Martin Probst
55d8f72dde feat: Write self-closing tags with a /> 
Adds tests for self-closing tags both for correct writing and for correct
sanitization, i.e. stripping attributes on them.
 2014-05-03 13:59:10 +02:00
Martin Probst
11e042f6c1 Avoid raw mode parsing so that raw mode tags like <script> don't cause issues. 
Certain tags like <script> but also <title> and others switch an HTML5 parser
into raw mode, which causes the rest of the HTML string to be always parsed as
text, including any elements or entities that we do want to support (e.g. <p>).

As we're going to escape any of the raw text elements anyway (it's e.g. script,
style, title, xmp, noframes, and a couple of others) we can just switch of raw
text parsing by disabling it after each starting tag.
 2014-05-03 13:26:52 +02:00
Martin Probst
8d2af3a21b Add support for a bunch more safe HTML element tags, and bring them into some order. 2014-05-01 22:08:32 +02:00
Martin Probst
f9b7593e65 fix: Handle all different token types that the parser can emit (d'oh). 2014-05-01 20:55:53 +02:00
Vytautas Šaltenis
b44be78459 Allow rel attribute in sanitizer 
Fixes issue #68.
 2014-05-01 20:49:49 +03:00
Martin Probst
41251715ad Use go.net/html's parser to sanitize HTML. 
Use an HTML5 compliant parser that interprets HTML as a browser would to parse
the Markdown result and then sanitize based on the result.
Escape unrecognized and disallowed HTML in the result.
Currently works with a hard coded whitelist of safe HTML tags and attributes.
 2014-04-27 23:40:44 +02:00