From 325a1471d2a32bcc1e2d2580b973ff4ba1df85e8 Mon Sep 17 00:00:00 2001
From: John MacFarlane
Date: Sun, 17 Mar 2019 22:43:38 -0700
Subject: Make rendering safe by default.

Removes CMARK_OPT_SAFE from options. Adds CMARK_OPT_UNSAFE, with the opposite meaning. The new default behavior is to suppress raw HTML and potentially dangerous links. The CMARK_OPT_UNSAFE option has to be set explicitly to prevent this.

--------------------------------------------------------
NOTE: This change will require modifications in bindings for cmark and in most libraries and programs that use cmark.
--------------------------------------------------------

Closes #239, #273. Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.
---
 api_test/main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 (limited to 'api_test')

diff --git a/api_test/main.c b/api_test/main.c
index 1f1f77f..83afbff 100644
--- a/api_test/main.c
+++ b/api_test/main.c
@@ -177,7 +177,8 @@ static void accessors(test_batch_runner *runner) {
 OK(runner, cmark_node_set_literal(string, literal + sizeof("prefix")),
 "set_literal suffix");
- char *rendered_html = cmark_render_html(doc, CMARK_OPT_DEFAULT);
+ char *rendered_html = cmark_render_html(doc,
+ CMARK_OPT_DEFAULT | CMARK_OPT_UNSAFE);
 static const char expected_html[] = "

Header

\n" "
    \n"
@@ -859,7 +860,7 @@ static void test_safe(test_batch_runner *runner) {
 "a>\n[link](JAVAscript:alert('hi'))\n![image]("
 "file:my.js)\n";
 char *html = cmark_markdown_to_html(raw_html, sizeof(raw_html) - 1,
- CMARK_OPT_DEFAULT | CMARK_OPT_SAFE);
+ CMARK_OPT_DEFAULT);
 STR_EQ(runner, html, "\n
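Review bot: The new `CMARK_OPT_DEFAULT | CMARK_OPT_UNSAFE` argument in accessors() gives no hint of why this one test opts out of the safe default that the same commit introduces, and the document it renders is built before the hunk, so a reader sees only the flag; the body of accessors() starts and ends outside this hunk. Presumably the fixture contains a raw-HTML block whose verbatim output expected_html asserts (the expected string is garbled in this view, so that is inferred), which the safe default would replace with an omission marker, and without a note the contrast with test_safe, which drops CMARK_OPT_SAFE in the same patch, looks accidental. Suggest a comment above the new call: `/* Opt out of the safe default: this fixture asserts the raw HTML block is rendered verbatim. */`. As far as I recall CMARK_OPT_DEFAULT is the empty option set, so `cmark_render_html(doc, CMARK_OPT_UNSAFE)` would read more directly, though keeping the OR is harmless.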

    hi\nlink\n