From 325a1471d2a32bcc1e2d2580b973ff4ba1df85e8 Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Sun, 17 Mar 2019 22:43:38 -0700 Subject: Make rendering safe by default. Removes CMARK_OPT_SAFE from options. Adds CMARK_OPT_UNSAFE, with the opposite meaning. The new default behavior is to suppress raw HTML and potentially dangerous links. The CMARK_OPT_UNSAFE option has to be set explicitly to prevent this. -------------------------------------------------------- NOTE: This change will require modifications in bindings for cmark and in most libraries and programs that use cmark. -------------------------------------------------------- Closes #239, #273. Borrows heavily from @kivikakk's patch in github/cmark-gfm#123. --- man/man3/cmark.3 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'man') diff --git a/man/man3/cmark.3 b/man/man3/cmark.3 index 4cb20d6..8e4b4c7 100644 --- a/man/man3/cmark.3 +++ b/man/man3/cmark.3 @@ -1,4 +1,4 @@ -.TH cmark 3 "June 02, 2017" "LOCAL" "Library Functions Manual" +.TH cmark 3 "March 17, 2019" "LOCAL" "Library Functions Manual" .SH NAME .PP @@ -721,17 +721,17 @@ Render \f[C]softbreak\f[] elements as hard line breaks. .nf \fC .RS 0n -#define CMARK_OPT_SAFE (1 << 3) +#define CMARK_OPT_UNSAFE (1 << 17) .RE \f[] .fi .PP -Suppress raw HTML and unsafe links (\f[C]javascript:\f[], +Render raw HTML and unsafe links (\f[C]javascript:\f[], \f[C]vbscript:\f[], \f[C]file:\f[], and \f[C]data:\f[], except for \f[C]image/png\f[], \f[C]image/gif\f[], \f[C]image/jpeg\f[], or -\f[C]image/webp\f[] mime types). Raw HTML is replaced by a placeholder -HTML comment. Unsafe links are replaced by empty strings. +\f[C]image/webp\f[] mime types). By default, raw HTML is replaced by a +placeholder HTML comment. Unsafe links are replaced by empty strings. .PP .nf -- cgit v1.2.3
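Review bot: In the second hunk (@@ -721,17 +721,17 @@), the description now opens with "Render raw HTML and unsafe links" but keeps the parenthetical "except for image/png, image/gif, image/jpeg, or image/webp mime types" unchanged, so it reads as if those image data: URLs are the ones left unrendered when CMARK_OPT_UNSAFE is set. That exception was written for the old "Suppress" wording. Suggest describing the default first (raw HTML and javascript:, vbscript:, file: and data: links are suppressed, data: with the listed image types excepted) and then stating that CMARK_OPT_UNSAFE turns that filtering off. The closing sentence "Unsafe links are replaced by empty strings." is also not covered by the new "By default," and could be read as describing the flag's effect; joining the two sentences under one "By default" would remove the ambiguity. Finally, the define moves from (1 << 3) to (1 << 17) and CMARK_OPT_SAFE disappears from the page without a trace; a one-line note in this entry that CMARK_OPT_SAFE was removed and that safe rendering is now the default would carry the commit message's NOTE to readers of the man page, who are the binding and application authors it is addressed to.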