From 325a1471d2a32bcc1e2d2580b973ff4ba1df85e8 Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Sun, 17 Mar 2019 22:43:38 -0700
Subject: Make rendering safe by default.

Removes CMARK_OPT_SAFE from options.

Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links.  The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.

--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------

Closes #239, #273.

Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.
---
 test/cmark-fuzz.c | 2 +-
 test/cmark.py     | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'test')

diff --git a/test/cmark-fuzz.c b/test/cmark-fuzz.c
index 9bdd3a5..02c05bc 100644
--- a/test/cmark-fuzz.c
+++ b/test/cmark-fuzz.c
@@ -13,7 +13,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     memcpy(&fuzz_config, data, sizeof(fuzz_config));
 
     /* Mask off valid option bits */
-    fuzz_config.options &= (CMARK_OPT_SOURCEPOS | CMARK_OPT_HARDBREAKS | CMARK_OPT_SAFE | CMARK_OPT_NOBREAKS | CMARK_OPT_NORMALIZE | CMARK_OPT_VALIDATE_UTF8 | CMARK_OPT_SMART);
+    fuzz_config.options &= (CMARK_OPT_SOURCEPOS | CMARK_OPT_HARDBREAKS | CMARK_OPT_UNSAFE | CMARK_OPT_NOBREAKS | CMARK_OPT_NORMALIZE | CMARK_OPT_VALIDATE_UTF8 | CMARK_OPT_SMART);
 
     /* Remainder of input is the markdown */
     const char *markdown = (const char *)(data + sizeof(fuzz_config));
diff --git a/test/cmark.py b/test/cmark.py
index 4be85a3..38d2f59 100644
--- a/test/cmark.py
+++ b/test/cmark.py
@@ -17,7 +17,8 @@ def to_html(lib, text):
     markdown.argtypes = [c_char_p, c_size_t, c_int]
     textbytes = text.encode('utf-8')
     textlen = len(textbytes)
-    result = markdown(textbytes, textlen, 0).decode('utf-8')
+    # 1 << 17 == CMARK_OPT_UNSAFE
+    result = markdown(textbytes, textlen, 1 << 17).decode('utf-8')
     return [0, result, '']
 
 def to_commonmark(lib, text):
@@ -37,6 +38,7 @@ class CMark:
     def __init__(self, prog=None, library_dir=None):
         self.prog = prog
         if prog:
+            prog += ' --unsafe'
             self.to_html = lambda x: pipe_through_prog(prog, x)
             self.to_commonmark = lambda x: pipe_through_prog(prog + ' -t commonmark', x)
         else:
-- 
cgit v1.2.3