author | John MacFarlane <jgm@berkeley.edu> | 2015-07-13 09:21:35 -0700 |
---|---|---|
committer | John MacFarlane <jgm@berkeley.edu> | 2015-07-13 10:15:55 -0700 |
commit | ac39623d667999cfae1444b46508a9a423b0df1b (patch) | |
tree | 40579cea4365b373fdc2831c2e43c2288671d028 /man | |
parent | 6dcd2beafdfbc9f694916bcdfa822b896aa44177 (diff) |
Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.
* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML
and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin
with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
`image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.
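
The URL rule stated in the commit message above, written out as a stand-alone check. This is an added example, not cmark's `scan_dangerous_url` and not code from this commit; the names `has_prefix_ci`, `is_dangerous_url` and `safe_href` are hypothetical, and case-insensitive matching plus the delimiter check after the image type are assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive prefix match (assumption); returns prefix length or 0. */
static size_t has_prefix_ci(const char *s, const char *prefix) {
    size_t i;
    for (i = 0; prefix[i] != '\0'; i++)
        if (s[i] == '\0' ||
            tolower((unsigned char)s[i]) != (unsigned char)prefix[i])
            return 0;
    return i;
}

/* Returns 1 if the URL falls under the rule in the commit message, else 0. */
int is_dangerous_url(const char *url) {
    static const char *const schemes[] = {"javascript:", "vbscript:", "file:"};
    static const char *const image_types[] = {
        "image/png", "image/gif", "image/jpeg", "image/webp"};
    size_t i, n;

    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (has_prefix_ci(url, schemes[i]))
            return 1;
    n = has_prefix_ci(url, "data:");
    if (n == 0)
        return 0; /* not one of the four listed schemes */
    for (i = 0; i < sizeof image_types / sizeof image_types[0]; i++) {
        size_t m = has_prefix_ci(url + n, image_types[i]);
        char end = url[n + m];
        /* Assumption: require a delimiter so "image/pngx" is not allowed. */
        if (m && (end == ';' || end == ',' || end == '\0'))
            return 0;
    }
    return 1; /* data: URL with any other media type */
}

/* Dangerous destinations become empty strings, as the commit describes. */
const char *safe_href(const char *url) {
    return is_dangerous_url(url) ? "" : url;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = {"https://example.com/", "JavaScript:void(0)",
                             "data:image/png;base64,AAAA", "data:text/html,x"};
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-28s -> \"%s\"\n", samples[i], safe_href(samples[i]));
    return 0;
}
```
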
Diffstat (limited to 'man')
-rw-r--r-- | man/man1/cmark.1 | 8 |
-rw-r--r-- | man/man3/cmark.3 | 18 |
2 files changed, 25 insertions, 1 deletions
diff --git a/man/man1/cmark.1 b/man/man1/cmark.1 index 64fa697..8dd9165 100644 --- a/man/man1/cmark.1 +++ b/man/man1/cmark.1 @@ -45,6 +45,14 @@ be rendered as curly quotes, depending on their position. \f[C]\-\-\-\f[] will be rendered as an em-dash. \f[C]...\f[] will be rendered as ellipses. .TP 12n +.B \-\-safe +Do not render raw HTML or potentially dangerous URLs. +(Raw HTML is replaced by a placeholder comment; potentially +dangerous URLs are replaced by empty strings.) Dangerous +URLs are those that begin with `javascript:`, `vbscript:`, +`file:`, or `data:` (except for `image/png`, `image/gif`, +`image/jpeg`, or `image/webp` mime types). +.TP 12n .B \-\-help Print usage information. .TP 12n diff --git a/man/man3/cmark.3 b/man/man3/cmark.3 index 288fadc..1359fcc 100644 --- a/man/man3/cmark.3 +++ b/man/man3/cmark.3 @@ -1,4 +1,4 @@ -.TH cmark 3 "July 12, 2015" "LOCAL" "Library Functions Manual" +.TH cmark 3 "July 13, 2015" "LOCAL" "Library Functions Manual" .SH NAME .PP @@ -569,6 +569,22 @@ dashes. Validate UTF\-8 in the input before parsing, replacing illegal sequences with the replacement character U+FFFD. +.PP +.nf +\fC +.RS 0n +#define CMARK_OPT_SAFE 32 +.RE +\f[] +.fi + +.PP +Suppress raw HTML and unsafe links (\f[C]javascript:\f[], +\f[C]vbscript:\f[], \f[C]file:\f[], and \f[C]data:\f[], except for +\f[C]image/png\f[], \f[C]image/gif\f[], \f[C]image/jpeg\f[], or +\f[C]image/webp\f[] mime types). Raw HTML is replaced by a placeholder +HTML comment. Unsafe links are replaced by empty strings. + .SS Version information |
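
Review bot: In the man/man1/cmark.1 hunk, the new `--safe` entry wraps the scheme and MIME names in Markdown backticks (`javascript:`, `image/png`), which roff prints literally. The context lines of the same hunk mark literals with \f[C]...\f[], and the man/man3/cmark.3 hunk of this patch does so for the same names, so I would write \f[C]javascript:\f[], \f[C]image/png\f[] and so on here too. The entry also does not say whether the scheme match is case-sensitive; one sentence on that would help anyone relying on this list as a filter.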
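
Review bot: In the man/man3/cmark.3 hunk at @@ -569, the text under `#define CMARK_OPT_SAFE 32` does not say which renderers honor the option. The commit message scopes the behaviour to HTML ("In HTML, suppress rendering of raw HTML and potentially dangerous links"), so a caller of another renderer could read this paragraph as a guarantee that raw HTML is filtered there as well. I would open the paragraph with "When rendering HTML, suppress ...". The cmark.1 text also says dangerous URLs are those that "begin with" the listed schemes, while this paragraph drops that phrase; using the same wording in both pages would make the rule unambiguous.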