From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Mon, 13 Jul 2015 09:21:35 -0700
Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.

* Added `CMARK_OPT_SAFE`.  This option disables rendering of raw HTML
  and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
  links if `CMARK_OPT_SAFE`.  Dangerous URLs are those that begin
  with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
  `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.
---
 src/scanners.re | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'src/scanners.re')

diff --git a/src/scanners.re b/src/scanners.re
index efa6731..fbe3283 100644
--- a/src/scanners.re
+++ b/src/scanners.re
@@ -315,3 +315,17 @@ bufsize_t _scan_entity(const unsigned char *p)
   .? { return 0; }
 */
 }
+
+// Returns positive value if a URL begins in a way that is potentially
+// dangerous, with javascript:, vbscript:, file:, or data:, otherwise 0.
+bufsize_t _scan_dangerous_url(const unsigned char *p)
+{
+  const unsigned char *marker = NULL;
+  const unsigned char *start = p;
+/*!re2c
+  'data:image/' ('png'|'gif'|'jpeg'|'webp') { return 0; }
+  'javascript:' | 'vbscript:' | 'file:' | 'data:' { return (bufsize_t)(p - start); }
+  .? { return 0; }
+*/
+}
+
-- 
cgit v1.2.3