Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 01:23:43 +0200
Rewrite protection against JavaScript injection
This drops the naive approach at <script> tag stripping and resorts to full sanitization of html. The general idea (and the regexps) is grabbed from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in PageDown, it's implemented as a separate pass over resulting html.
Includes a metric ton (but not all) of test cases from here[2]. Several are commented out since they don't pass yet.
Stronger (but still incomplete) fix for #11.
[1] http://code.google.com/p/pagedown/wiki/PageDown
[2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 01:14:35 +0200
Extract useful code to separate func
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 00:45:43 +0200
Merge pull request #44 from FreakyDazio/safe-relatives Relative URIs are considered safe
Vytautas Šaltenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:51:13 -0800
Merge pull request #43 from microcosm-cc/master Cells in THEAD > TR are now TH.
Vytautas Šaltenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:46:30 -0800
Change GOROOT references to GOPATH in README
Russ Ross russ@russross.com
Thu, 21 Nov 2013 08:47:41 -0700
fix smartypants to pass single backticks through, issue #38
Russ Ross russ@dixie.edu
Tue, 01 Oct 2013 13:55:34 -0600
panic fix (issue #33) with test case
Russ Ross russ@dixie.edu
Wed, 11 Sep 2013 12:47:43 -0600
Merge pull request #32 from bertzzie/master Enable Parsing Inside a Link
Lancee LY.lancee@gmail.com
Sun, 08 Sep 2013 23:16:18 -0700
Merge pull request #31 from aybabtme/patch-1 Fix typo.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 01 Sep 2013 11:56:32 -0700
update license language to match OSI
Russ Ross russ@russross.com
Wed, 14 Aug 2013 07:43:17 -0600
Merge pull request #29 from athom/master add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 10 Aug 2013 13:13:13 -0700
Merge pull request #27 from moshee/master Footnotes (addresses #14)
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Mon, 08 Jul 2013 23:03:42 -0700
Merge pull request #22 from rtfb/master Add some protection against script injection
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Tue, 21 May 2013 13:19:17 -0700
Merge pull request #24 from subosito/sample-fixes Fix table syntax example on README
Russ Ross russ@russross.com
Mon, 20 May 2013 15:15:38 -0700
Merge pull request #16 from cespare/blockcodegithub_doc_fix Fix up method documentation formatting for the BlockCodeGithub method.
Russ Ross russ@russross.com
Thu, 22 Nov 2012 18:00:19 -0800
Merge pull request #15 from moshee/master HTML5
Russ Ross russ@russross.com
Mon, 22 Oct 2012 06:39:47 -0700
recognize fraction slash as well as regular slash to make fractions
Russ Ross russ@russross.com
Sun, 11 Mar 2012 16:10:42 -0600
link directly to blackfriday-tool
Russ Ross russ@russross.com
Wed, 07 Mar 2012 22:12:46 -0700
readme updates for go 1
Russ Ross russ@russross.com
Wed, 07 Mar 2012 22:06:07 -0700
updates for go 1
Russ Ross russ@russross.com
Wed, 07 Mar 2012 21:36:31 -0700
version bump to v1.1
Russ Ross russ@russross.com
Mon, 26 Sep 2011 15:45:49 -0600
permit backslash-escaped vertical bars in tables
Russ Ross russ@dixie.edu
Tue, 13 Sep 2011 16:23:24 -0600
fixed bug with blank line handling within list items
Russ Ross russ@dixie.edu
Fri, 09 Sep 2011 12:30:45 -0600
table unit tests and fix for a crash uncovered by them
Russ Ross russ@russross.com
Mon, 25 Jul 2011 11:39:02 -0600
bug in tables when a row has too few columns
Russ Ross russ@russross.com
Mon, 25 Jul 2011 10:23:31 -0600
tag as version 1.0
Russ Ross russ@russross.com
Tue, 19 Jul 2011 11:42:24 -0600
additional doc comments
Russ Ross russ@russross.com
Thu, 07 Jul 2011 12:05:29 -0600
doc improvements, commenting
Russ Ross russ@russross.com
Thu, 07 Jul 2011 11:56:45 -0600
readme tweak
Russ Ross russ@russross.com
Wed, 06 Jul 2011 10:04:30 -0600
readme updates
Russ Ross russ@russross.com
Wed, 06 Jul 2011 10:01:13 -0600
simplify naming of parsing functions
Russ Ross russ@russross.com
Tue, 05 Jul 2011 14:22:21 -0600
finished removing redundant end-of-buffer checks in block parsing; code cleanup
Russ Ross russ@russross.com
Mon, 04 Jul 2011 18:56:29 -0600
bounds checking stress tests
Russ Ross russ@russross.com
Sun, 03 Jul 2011 10:51:07 -0600
missing bounds check
Russ Ross russ@russross.com
Sun, 03 Jul 2011 10:30:28 -0600
removing more redundant checks, additional cleanup of block parsing
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 14:13:26 -0600
more consistent spacing of block-level elements
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 11:19:42 -0600
remove redundant tests for tab characters in parsing
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 10:03:03 -0600
remove NO_EXPAND_TABS options
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 09:57:11 -0600
removing redundant end-of-buffer checks in block parsing
Russ Ross russ@russross.com
Wed, 29 Jun 2011 20:15:58 -0600
move whitespace stripping to parser, not renderers
Russ Ross russ@russross.com
Wed, 29 Jun 2011 15:38:35 -0600
corner case spacing issue with table of contents
Russ Ross russ@russross.com
Wed, 29 Jun 2011 13:24:15 -0600
simplify inline callback interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 13:00:54 -0600
version bump to 0.6
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:22:20 -0600
inline helpers put parser arg first
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:21:46 -0600
Renderer is now an interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:13:17 -0600
preparing for switch to rendering interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:43:10 -0600
table of contents support beefed up
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:36:56 -0600
complete page rendering is now an option in the library
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:08:56 -0600
refactoring: inline renderers return bools, preparing rendering struct to become an interface
Russ Ross russ@russross.com
Tue, 28 Jun 2011 19:46:35 -0600
render -> Parser, made parsing functions methods of *Parser
Russ Ross russ@russross.com
Tue, 28 Jun 2011 18:58:53 -0600
camel case
Russ Ross russ@russross.com
Tue, 28 Jun 2011 16:02:12 -0600
added simplified interface for common usage
Russ Ross russ@russross.com
Tue, 28 Jun 2011 15:55:27 -0600
version number, few more options for command-line tool
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 11:30:10 -0600
example markdown binary: try to guess a title
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:58:37 -0600
options to suppress tab expansion or to expand tabs to 8 spaces instead of 4
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:58:10 -0600
fenced code: ending marker must match beginning marker, tests for fenced code blocks
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:30:25 -0600
readme tweak
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:15:12 -0600
README tweak
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:14:13 -0600
simplified BSD license
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:11:32 -0600
preformatted html block tests
Russ Ross russ@russross.com
Mon, 27 Jun 2011 19:35:40 -0600
tests for ordered lists
Russ Ross russ@russross.com
Mon, 27 Jun 2011 18:03:54 -0600
horizontal rule and list testing
Russ Ross russ@russross.com
Mon, 27 Jun 2011 16:06:32 -0600
more robust whitespace stripping and matching corrections to tests
Russ Ross russ@russross.com
Mon, 27 Jun 2011 16:06:16 -0600
fixed minor bugs uncovered by more testing
Russ Ross russ@russross.com
Mon, 27 Jun 2011 14:35:11 -0600
unit tests for underlined headers, improved whitespace handling for the same
Russ Ross russ@dixie.edu
Mon, 27 Jun 2011 11:42:38 -0600
fixed headers nested in lists, added prefix header unit tests
Russ Ross russ@dixie.edu
Mon, 27 Jun 2011 10:13:13 -0600
eliminate a buffering level for paragraphs
Russ Ross russ@russross.com
Sun, 26 Jun 2011 17:21:11 -0600
clean up main markdown function: split out first and second passes
Russ Ross russ@russross.com
Sun, 26 Jun 2011 09:51:36 -0600
refactoring: newlines as hard breaks changed from HTML option to global markdown option
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:45:51 -0600
refactoring paragraph rendering
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:18:34 -0600
reduce copying for lists
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:02:46 -0600
experiment: render headers directly to output buffer to avoid a copy; minor speed boost
Russ Ross russ@russross.com
Sat, 25 Jun 2011 08:20:08 -0600
dumb tweak that gives a little speed bump
Russ Ross russ@russross.com
Fri, 24 Jun 2011 21:53:46 -0600
rewrite of attrEscape: cleaner and faster
Russ Ross russ@russross.com
Fri, 24 Jun 2011 19:11:06 -0600
enable profiling from command-line tool
Russ Ross russ@russross.com
Fri, 24 Jun 2011 17:13:42 -0600
fraction example in readme
Russ Ross russ@russross.com
Fri, 24 Jun 2011 16:42:17 -0600
more inline unit tests
Russ Ross russ@russross.com
Fri, 24 Jun 2011 16:39:50 -0600
output validates, command-line tool has useful options
Russ Ross russ@russross.com
Fri, 24 Jun 2011 11:50:03 -0600
improved (hopefully) smart quote handling
Russ Ross russ@dixie.edu
Wed, 22 Jun 2011 15:40:58 -0600
convert test files to unix format, fix a few broken ones
Russ Ross russ@dixie.edu
Fri, 10 Jun 2011 09:41:00 -0600
unit test for linebreaks
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:55 -0600
tab expansion bug
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:40 -0600
fix test name conflicts
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:24 -0600
Merge pull request #2 from kjk/markdown-tests integrate tests for markdown 1.0.3 test files by comparing them with refe
Russ Ross russross
Wed, 01 Jun 2011 17:24:11 -0700
starting inline unit tests, fix a few minor bugs they exposed
Russ Ross russ@russross.com
Wed, 01 Jun 2011 12:17:17 -0600
readme updates
Russ Ross russ@russross.com
Tue, 31 May 2011 16:31:36 -0600
comments, minor cleanups
Russ Ross russ@russross.com
Tue, 31 May 2011 16:28:07 -0600
rewrote the stinking pile of code that was blockParagraph
Russ Ross russ@russross.com
Tue, 31 May 2011 16:07:15 -0600
tab expansion fixed to handle multibyte unicode characters
Russ Ross russ@dixie.edu
Tue, 31 May 2011 12:04:58 -0600
gofmt
Russ Ross russ@dixie.edu
Tue, 31 May 2011 11:49:49 -0600
allocate new buffers on stack; mild speed improvement
Russ Ross russ@dixie.edu
Tue, 31 May 2011 11:11:04 -0600
export all names from Renderer struct
This enables new back-ends that are not part of the package
Basically a big search-and-replace for this commit
Russ Ross russ@russross.com
Mon, 30 May 2011 21:44:52 -0600
performance fix: with autolinking on, it is almost twice as fast now
Russ Ross russ@russross.com
Mon, 30 May 2011 15:36:31 -0600
remove dependency on less function
Russ Ross russ@russross.com
Mon, 30 May 2011 14:42:38 -0600
readme tweak
Russ Ross russ@russross.com
Mon, 30 May 2011 11:15:56 -0600
rudimentary latex backend, additional cleanup
Russ Ross russ@russross.com
Mon, 30 May 2011 11:06:20 -0600
split parser into multiple files, clean up naming
Russ Ross russ@russross.com
Sun, 29 May 2011 17:00:31 -0600
cleanup in markdown: better naming, misc fixes
Russ Ross russ@russross.com
Sun, 29 May 2011 11:43:18 -0600
comments on performance
Russ Ross russ@russross.com
Sun, 29 May 2011 09:30:57 -0600
fix smartypants and html entity escaping
Russ Ross russ@russross.com
Sat, 28 May 2011 22:50:33 -0600
escape entities when using smartypants
Russ Ross russ@russross.com
Sat, 28 May 2011 22:39:22 -0600
return result instead of taking buffer as input
Russ Ross russ@russross.com
Sat, 28 May 2011 22:37:12 -0600
features list
Russ Ross russ@russross.com
Sat, 28 May 2011 21:43:17 -0600
mdash
Russ Ross russ@russross.com
Sat, 28 May 2011 21:34:02 -0600
readme file
Russ Ross russ@russross.com
Sat, 28 May 2011 21:33:16 -0600
refactored into a proper package
Russ Ross russ@russross.com
Sat, 28 May 2011 21:17:53 -0600
smartypants
Russ Ross russ@dixie.edu
Sat, 28 May 2011 17:37:18 -0600
cleanup
Russ Ross russ@russross.com
Sat, 28 May 2011 13:00:47 -0600
compatibility fixes
Russ Ross russ@russross.com
Sat, 28 May 2011 09:49:21 -0600
output matches upskirt for markdown test suite
Russ Ross russ@dixie.edu
Fri, 27 May 2011 16:12:21 -0600
fixing link parsing
Russ Ross russ@russross.com
Fri, 27 May 2011 13:38:10 -0600
basics working, still a few renderers to write
Russ Ross russ@russross.com
Thu, 26 May 2011 22:27:33 -0600
parsing done but untested
Russ Ross russ@russross.com
Thu, 26 May 2011 14:22:59 -0600
working on inline parsing
Russ Ross russ@russross.com
Thu, 26 May 2011 12:10:16 -0600
emph parsing
Russ Ross russ@russross.com
Thu, 26 May 2011 09:47:41 -0600
reference extraction
Russ Ross russ@russross.com
Thu, 26 May 2011 08:28:14 -0600
setup, starting reference handling
Russ Ross russ@russross.com
Wed, 25 May 2011 20:46:16 -0600
fixed ordered lists
Russ Ross russ@dixie.edu
Wed, 25 May 2011 16:00:01 -0600
all block-level parsers
Russ Ross russ@dixie.edu
Wed, 25 May 2011 15:41:25 -0600
working on listitem
Russ Ross russ@russross.com
Wed, 25 May 2011 13:59:30 -0600
initial commit
Russ Ross russ@russross.com
Tue, 24 May 2011 16:14:35 -0600
integrate tests for markdown 1.0.3 test files by comparing them with reference files rendered with upskirt (no extensions)
Krzysztof Kowalczyk kkowalczyk@gmail.com
Wed, 01 Jun 2011 16:47:32 -0700
Add some HTML5
moshee moshee@displaynone.us
Sun, 21 Oct 2012 21:28:31 -0700
HTML5 doctype, Wrap TOC with <nav>
<nav> makes the TOC more easily identifiable and workable with CSS.
moshee moshee@displaynone.us
Sun, 21 Oct 2012 21:23:44 -0700
Fix html tag ordering in doc string.
Caleb Spare cespare@gmail.com
Thu, 22 Nov 2012 12:52:52 -0800
Fix up method documentation formatting.
Caleb Spare cespare@gmail.com
Thu, 22 Nov 2012 12:12:08 -0800
fix table syntax example
Alif Rachmawadi subosito@gmail.com
Sun, 05 May 2013 10:35:09 +0700
Improve html element stripping code
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Thu, 18 Apr 2013 03:15:47 +0300
Fix typo
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:44:18 +0300
Add HTML_SKIP_SCRIPT to MarkdownCommon
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:43:21 +0300
Couple more tests
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:42:47 +0300
More <script> stripping
Partially addresses issue #11.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 23:24:30 +0300
Add an option to strip <script> elements
Partially addresses issue #11.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:57:16 +0300
Make isHtmlTag() case insensitive
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:34:37 +0300
Extract repetitive code to a func
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:26:29 +0300
Fix bug in isHtmlTag()
Fix what seems to be a typo. j should iterate through all tagname, so it should be initialized to zero. The test exposes this bug.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:21:47 +0300
Make a way to parameterize inline tests
Expose extensions and html flags parameters so that tests could specify what code paths they want to exercise.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:18:14 +0300
parser no longer returns prematurely from empty footnote ref
moshee moshee@displaynone.us
Mon, 08 Jul 2013 22:34:12 +0000
leftover debug stuff
moshee moshee@displaynone.us
Mon, 08 Jul 2013 09:42:29 +0000
added slice bounds check
moshee moshee@displaynone.us
Mon, 08 Jul 2013 06:54:25 +0000
Implementation and some tests for inline footnotes. Also I noticed the list items had the wrong ids, that was silly of me.
moshee moshee@displaynone.us
Mon, 01 Jul 2013 01:37:52 +0000
Referenced footnotes appear to be functional. Inline still unimplemented.
moshee moshee@displaynone.us
Wed, 26 Jun 2013 16:09:27 +0000
new tests pass but old tests now fail...
moshee moshee@displaynone.us
Wed, 26 Jun 2013 15:57:51 +0000
First attempt at supporting Pandoc-style footnotes. The existing tests have not broken but the new functionality does not work yet.
moshee moshee@displaynone.us
Tue, 25 Jun 2013 01:18:47 +0000
add testcase for GFM autolink
athom athom@126.com
Fri, 09 Aug 2013 17:24:26 +0800
make autolink perform like GFM
athom athom@126.com
Fri, 09 Aug 2013 16:28:35 +0800
add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM (GitHub Flavored Markdown)
athom athom@126.com
Tue, 30 Jul 2013 10:32:11 +0800
Fix typo.
Antoine Grondin antoinegrondin@gmail.com
Sun, 01 Sep 2013 10:59:06 -0700
Image inside a link now works.
Alex Xandra Albert Sim bertzzie@gmail.com
Mon, 09 Sep 2013 12:51:46 +0700
Added test for link inside image
Alex Xandra Albert Sim bertzzie@gmail.com
Mon, 09 Sep 2013 12:51:20 +0700
Updated tests to check for th tags instead of td tags within thead blocks
David Kitchen david@buro9.com
Thu, 17 Oct 2013 10:35:44 +0100
Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this)
David Kitchen david@buro9.com
Wed, 16 Oct 2013 11:36:33 +0100
Tests for links when using HTML_SAFELINK
Darren Coxall darren@darrencoxall.com
Thu, 19 Dec 2013 10:00:47 +0000
Relative URIs are considered safe
Darren Coxall darren.coxall@simplybusiness.co.uk
Mon, 09 Dec 2013 14:41:37 +0000