Age | Commit message (Collapse) | Author |
|
|
|
Removes CMARK_OPT_SAFE from options.
Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links. The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.
--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------
Closes #239, #273.
Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.
|
|
|
|
|
|
With current HTML escaping, sometimes we may produce an XML tag like
<code_block> </code_block>
Many XML parsers consider these spaces insignificant and strip them
out but we need this. There's actually a test case like this in
spec.txt (search "A code block can have all empty lines as its
content:") and without proper hinting, an external xml->html converter
will fail the spec.
XML standard covers this case. If xml:space is "preserve", then
whitespaces are significant and should be kept. Add this hint for
text, code, code_block, html_inline and html_block tags.
|
|
|
|
|
|
as documented!
Closes #202.
|
|
This reverts commit 4fbe344df43ed7f60a3d3a53981088334cb709fc.
|
|
* Improve strbuf guarantees
Introduce BUFSIZE_MAX macro and make sure that the strbuf implementation
can handle strings up to this size.
* Abort early if document size exceeds internal limit
* Change types for source map offsets
Switch to size_t for the public API, making the public headers
C89-compatible again.
Switch to bufsize_t internally, reducing memory usage and improving
performance on 32-bit platforms.
* Make parser return NULL on internal index overflow
Make S_parser_feed set an error and ignore subsequent chunks if the
total input document size exceeds an internal limit. Make
cmark_parser_finish return NULL if an error was encountered. Add
public API functions to retrieve error code and error message.
strbuf overflow in renderers and OOM in parser or renderers still
cause an abort.
|
|
|
|
|
|
|
|
It's possible that cmark_chunk_set_cstr is called with a substring
(suffix) of the current string. Delay freeing of the chunk content
to handle this case correctly.
Fixes issue #139.
|
|
Add library option to render softbreaks as spaces
|
|
Replaced nodes are not automatically freed.
|
|
|
|
|
|
|
|
|
|
API change.
I've found in using the API that this is very often
wanted.
|
|
This did not allow for the possibility that a node
might have no containing block, causing the commonmark
renderer to segfault if passed an inline node with no
block parent.
|
|
render_commonmark on a non-block node.
Still don't know why.
|
|
Closes #51.
|
|
Removed a test we can't yet handle with the render interface.
The renderer isn't smart enough to escape a `-` that wraps to
the beginning of a line.
|
|
|
|
|
|
|
|
|
|
|
|
API change. Sorry, but this is the time to break things,
before 1.0 is released. This matches the recent changes to
CommonMark.dtd.
|
|
CMARK_NODE_HRULE -> CMARK_NODE_THEMATIC_BREAK.
However we've defined the former as the latter to keep
backwards compatibility.
See jgm/CommonMark 8fa94cb460f5e516b0e57adca33f50a669d51f6c
|
|
Defined CMARK_NODE_HEADER to CMARK_NODE_HEADING to ease
the transition.
|
|
See jgm/CommonMark commit 0cdbcee4e840abd0ac7db93797b2b75ca4104314
Note that we have defined
cmark_node_get_header_level = cmark_node_get_heading_level
and
cmark_node_set_header_level = camrk_node_set_heading_level
for backwards compatibility in the API.
|
|
|
|
Closes #71.
Added a test to api_test.
|
|
Currently fails.
|
|
* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML
and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin
with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
`image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.
|
|
This is easier to access using ffi, since some languages, like C#
like to use only function interfaces for accessing library
functionality.
fixes #60
|
|
Also command line option `--validate-utf8`.
This option causes cmark to check for valid UTF-8,
replacing invalid sequences with the replacement
character, U+FFFD.
Reinstated api tests for utf8.
|
|
We no longer validate utf8 before parsing.
|
|
|
|
|
|
This closes #33.
|
|
|
|
Also to some non-exported functions in blocks and inlines.
|
|
Add version number and string as macros and symbols. Version numbers can
be easily compared, for example in the C preprocessor:
#include <cmark.h>
#if CMARK_VERSION < 0x020200
#error Requires libcmark 2.2.0 or higher
#endif
Storing the version in a global variable allows to check the library
version at runtime. For example:
if (CMARK_VERSION != cmark_version) {
warn("Compiled against libcmark %s, but using %s",
CMARK_VERSION_STRING, cmark_version_string);
}
The version should be updated whenever the public API is changed.
|
|
* Advance to the next node when calling 'cmark_iter_next', not when
calling 'cmark_iter_get_node'.
* Add 'cmark_iter_get_event_type' accessor.
* Allow deletion of nodes after an 'EXIT' event, or an 'ENTER' event for
leaf nodes.
|
|
|
|
To keep the API simple and avoid API changes when new options are
added, this is just a long integer.
Set it by disjoining options that are defined as powers of 2: e.g.
`CMARK_HTML_SOURCEPOS | CMARK_HTML_HARDREAKS`.
Test options using `&`: `if (options & CMARK_HTML_SOURCEPOS)`.
Added `--hardbreaks` and `--sourcepos` command-line options.
|