Age | Commit message (Collapse) | Author |
|
* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML
and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin
with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
`image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.
|
|
re2c returns the longest match, so we were getting bad
results with
[link](foo\(and\(bar\)\))
which it would parse as containing a bare `\` followed by
an in-parens chunk ending with the final paren.
|
|
This allows for custom tags, see jgm/CommonMark#239.
|
|
* Rewrote spec for HTML blocks. A few other spec examples
also changed as a result.
* Removed old `html_block_tag` scanner. Added new
`html_block_start` and `html_block_start_7`, as well
as `html_block_end_n` for n = 1-5.
* Rewrote block parser for new HTML block spec.
|
|
|
|
See jgm/commonmark#45.
|
|
There are probably a couple of places I missed. But this will only
be a problem if we use a 64-bit bufsize_t at some point. Then, we'll
get warnings from -Wshorten-64-to-32.
|
|
|
|
This is used in the commonmark renderer.
|
|
|
|
Backslash escapes not allowed in autolinks.
|
|
This is a more logical arrangement and follows recent changes to
the JS implementation.
|
|
Note: this only affects inline parsing. Block parsing
is handled differently.
|
|
|
|
Reverts 225d720.
|
|
This reduces build dependencies and should help avoid issues like
|