Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.

* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security.
author: John MacFarlane <jgm@berkeley.edu> 2015-07-13 09:21:35 -0700
committer: John MacFarlane <jgm@berkeley.edu> 2015-07-13 10:15:55 -0700
commit: ac39623d667999cfae1444b46508a9a423b0df1b (patch)
tree: 40579cea4365b373fdc2831c2e43c2288671d028 /man/man1
parent: 6dcd2beafdfbc9f694916bcdfa822b896aa44177 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/man/man1/cmark.1 b/man/man1/cmark.1
index 64fa697..8dd9165 100644
--- a/man/man1/cmark.1
+++ b/man/man1/cmark.1
@@ -45,6 +45,14 @@ be rendered as curly quotes, depending on their position.
 \f[C]\-\-\-\f[] will be rendered as an em-dash.
 \f[C]...\f[] will be rendered as ellipses.
 .TP 12n
+.B \-\-safe
+Do not render raw HTML or potentially dangerous URLs.
+(Raw HTML is replaced by a placeholder comment; potentially
+dangerous URLs are replaced by empty strings.)  Dangerous
+URLs are those that begin with `javascript:`, `vbscript:`,
+`file:`, or `data:` (except for `image/png`, `image/gif`,
+`image/jpeg`, or `image/webp` mime types).
+.TP 12n
 .B \-\-help
 Print usage information.
 .TP 12n
author	John MacFarlane <jgm@berkeley.edu>	2015-07-13 09:21:35 -0700
committer	John MacFarlane <jgm@berkeley.edu>	2015-07-13 10:15:55 -0700
commit	ac39623d667999cfae1444b46508a9a423b0df1b (patch)
tree	40579cea4365b373fdc2831c2e43c2288671d028 /man/man1
parent	6dcd2beafdfbc9f694916bcdfa822b896aa44177 (diff)