Merge pull request #76 from mprobst/self-closing feat: Write self-closing tags with a />
Vytautas Šaltenis vytas@rtfb.lt
Sat, 03 May 2014 15:11:53 +0300
Merge pull request #75 from mprobst/sanitize_test Avoid raw mode parsing so that tags like <script> don't cause escaping
Vytautas Šaltenis vytas@rtfb.lt
Sat, 03 May 2014 15:11:41 +0300
Merge pull request #74 from mprobst/sanitize_test Add a test for the correct handling of escaped entities in HTML.
Vytautas Šaltenis vytas@rtfb.lt
Sat, 03 May 2014 13:58:03 +0300
Merge pull request #71 from mprobst/master Add support for a bunch more safe HTML element tags, and bring them into...
Vytautas Šaltenis vytas@rtfb.lt
Fri, 02 May 2014 00:55:47 +0300
Merge pull request #70 from mprobst/master fix: Handle all different token types that the parser can emit (d'oh).
Vytautas Šaltenis vytas@rtfb.lt
Thu, 01 May 2014 21:59:07 +0300
Merge branch 'gihnius-master'
Vytautas Šaltenis vytas@rtfb.lt
Thu, 01 May 2014 21:46:51 +0300
Allow rel attribute in sanitizer Fixes issue #68.
Vytautas Šaltenis vytas@rtfb.lt
Thu, 01 May 2014 20:49:49 +0300
Merge pull request #69 from mprobst/master Use go.net/html's parser to sanitize HTML.
Vytautas Šaltenis vytas@rtfb.lt
Thu, 01 May 2014 20:47:17 +0300
Merge pull request #64 from willnix/master Add table tags to the whitelist.
Vytautas Šaltenis vytas@rtfb.lt
Sun, 20 Apr 2014 23:15:54 +0300
Merge pull request #61 from shurcooL/feature/dont-expand-tabs-inside-fenced-code-blocks Don't expand tabs inside fenced code blocks.
Vytautas Šaltenis vytas@rtfb.lt
Sun, 13 Apr 2014 10:56:02 +0300
Merge pull request #60 from shurcooL/fix/fenced-code-block-extra-newline Fix for potential extra newline added inside fenced code blocks.
Vytautas Šaltenis vytas@rtfb.lt
Sat, 12 Apr 2014 21:58:08 +0300
Merge pull request #59 from johnsto/master Header ID specifiers
Vytautas Šaltenis vytas@rtfb.lt
Fri, 11 Apr 2014 21:31:27 +0300
Merge pull request #56 from muhqu/issue/45 Fix for Fenced Code Blocks without a blank line before
Vytautas Šaltenis vytas@rtfb.lt
Tue, 08 Apr 2014 13:00:13 +0300
Merge pull request #58 from aspic/master Explicit return byte array at end of function.
Vytautas Šaltenis vytas@rtfb.lt
Sat, 05 Apr 2014 21:48:09 +0300
Merge pull request #55 from rtfb/master Autolink fixes
Vytautas Šaltenis vytas@rtfb.lt
Sun, 30 Mar 2014 19:58:39 +0300
Merge pull request #50 from rtfb/master Better protection against JavaScript injection
Vytautas Šaltenis vytas@rtfb.lt
Sun, 30 Mar 2014 19:52:13 +0300
Merge pull request #52 from laslowh/master add HTML_NOFOLLOW_LINKS
Vytautas Šaltenis vytas@rtfb.lt
Mon, 10 Mar 2014 21:47:35 +0200
Merge pull request #44 from FreakyDazio/safe-relatives Relative URIs are considered safe
Vytautas Šaltenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:51:13 -0800
Merge pull request #43 from microcosm-cc/master Cells in THEAD > TR are now TH.
Vytautas Šaltenis vytas@rtfb.lt
Wed, 08 Jan 2014 11:46:30 -0800
Change GOROOT references to GOPATH in README
Russ Ross russ@russross.com
Thu, 21 Nov 2013 08:47:41 -0700
fix smartypants to pass single backticks through, issue #38
Russ Ross russ@dixie.edu
Tue, 01 Oct 2013 13:55:34 -0600
panic fix (issue #33) with test case
Russ Ross russ@dixie.edu
Wed, 11 Sep 2013 12:47:43 -0600
Merge pull request #32 from bertzzie/master Enable Parsing Inside a Link
Lancee LY.lancee@gmail.com
Sun, 08 Sep 2013 23:16:18 -0700
Merge pull request #31 from aybabtme/patch-1 Fix typo.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 01 Sep 2013 11:56:32 -0700
update license language to match OSI
Russ Ross russ@russross.com
Wed, 14 Aug 2013 07:43:17 -0600
Merge pull request #29 from athom/master add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 10 Aug 2013 13:13:13 -0700
Merge pull request #27 from moshee/master Footnotes (addresses #14)
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Mon, 08 Jul 2013 23:03:42 -0700
Merge pull request #22 from rtfb/master Add some protection against script injection
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Tue, 21 May 2013 13:19:17 -0700
Merge pull request #24 from subosito/sample-fixes Fix table syntax example on README
Russ Ross russ@russross.com
Mon, 20 May 2013 15:15:38 -0700
Merge pull request #16 from cespare/blockcodegithub_doc_fix Fix up method documentation formatting for the BlockCodeGithub method.
Russ Ross russ@russross.com
Thu, 22 Nov 2012 18:00:19 -0800
Merge pull request #15 from moshee/master HTML5
Russ Ross russ@russross.com
Mon, 22 Oct 2012 06:39:47 -0700
recognize fraction slash as well as regular slash to make fractions
Russ Ross russ@russross.com
Sun, 11 Mar 2012 16:10:42 -0600
link directly to blackfriday-tool
Russ Ross russ@russross.com
Wed, 07 Mar 2012 22:12:46 -0700
readme updates for go 1
Russ Ross russ@russross.com
Wed, 07 Mar 2012 22:06:07 -0700
updates for go 1
Russ Ross russ@russross.com
Wed, 07 Mar 2012 21:36:31 -0700
version bump to v1.1
Russ Ross russ@russross.com
Mon, 26 Sep 2011 15:45:49 -0600
permit backslash-escaped vertical bars in tables
Russ Ross russ@dixie.edu
Tue, 13 Sep 2011 16:23:24 -0600
fixed bug with blank line handling within list items
Russ Ross russ@dixie.edu
Fri, 09 Sep 2011 12:30:45 -0600
table unit tests and fix for a crash uncovered by them
Russ Ross russ@russross.com
Mon, 25 Jul 2011 11:39:02 -0600
bug in tables when a row has too few columns
Russ Ross russ@russross.com
Mon, 25 Jul 2011 10:23:31 -0600
tag as version 1.0
Russ Ross russ@russross.com
Tue, 19 Jul 2011 11:42:24 -0600
additional doc comments
Russ Ross russ@russross.com
Thu, 07 Jul 2011 12:05:29 -0600
doc improvements, commenting
Russ Ross russ@russross.com
Thu, 07 Jul 2011 11:56:45 -0600
readme tweak
Russ Ross russ@russross.com
Wed, 06 Jul 2011 10:04:30 -0600
readme updates
Russ Ross russ@russross.com
Wed, 06 Jul 2011 10:01:13 -0600
simplify naming of parsing functions
Russ Ross russ@russross.com
Tue, 05 Jul 2011 14:22:21 -0600
finished removing redundant end-of-buffer checks in block parsing; code cleanup
Russ Ross russ@russross.com
Mon, 04 Jul 2011 18:56:29 -0600
bounds checking stress tests
Russ Ross russ@russross.com
Sun, 03 Jul 2011 10:51:07 -0600
missing bounds check
Russ Ross russ@russross.com
Sun, 03 Jul 2011 10:30:28 -0600
removing more redundant checks, additional cleanup of block parsing
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 14:13:26 -0600
more consistent spacing of block-level elements
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 11:19:42 -0600
remove redundant tests for tab characters in parsing
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 10:03:03 -0600
remove NO_EXPAND_TABS options
Russ Ross russ@dixie.edu
Fri, 01 Jul 2011 09:57:11 -0600
removing redundant end-of-buffer checks in block parsing
Russ Ross russ@russross.com
Wed, 29 Jun 2011 20:15:58 -0600
move whitespace stripping to parser, not renderers
Russ Ross russ@russross.com
Wed, 29 Jun 2011 15:38:35 -0600
corner case spacing issue with table of contents
Russ Ross russ@russross.com
Wed, 29 Jun 2011 13:24:15 -0600
simplify inline callback interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 13:00:54 -0600
version bump to 0.6
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:22:20 -0600
inline helpers put parser arg first
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:21:46 -0600
Renderer is now an interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 11:13:17 -0600
preparing for switch to rendering interface
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:43:10 -0600
table of contents support beefed up
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:36:56 -0600
complete page rendering is now an option in the library
Russ Ross russ@dixie.edu
Wed, 29 Jun 2011 10:08:56 -0600
refactoring: inline renderers return bools, preparing rendering struct to become an interface
Russ Ross russ@russross.com
Tue, 28 Jun 2011 19:46:35 -0600
render -> Parser, made parsing functions methods of *Parser
Russ Ross russ@russross.com
Tue, 28 Jun 2011 18:58:53 -0600
camel case
Russ Ross russ@russross.com
Tue, 28 Jun 2011 16:02:12 -0600
added simplified interface for common usage
Russ Ross russ@russross.com
Tue, 28 Jun 2011 15:55:27 -0600
version number, few more options for command-line tool
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 11:30:10 -0600
example markdown binary: try to guess a title
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:58:37 -0600
options to suppress tab expansion or to expand tabs to 8 spaces instead of 4
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:58:10 -0600
fenced code: ending marker must match beginning marker, tests for fenced code blocks
Russ Ross russ@dixie.edu
Tue, 28 Jun 2011 10:30:25 -0600
readme tweak
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:15:12 -0600
README tweak
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:14:13 -0600
simplified BSD license
Russ Ross russ@russross.com
Mon, 27 Jun 2011 20:11:32 -0600
preformatted html block tests
Russ Ross russ@russross.com
Mon, 27 Jun 2011 19:35:40 -0600
tests for ordered lists
Russ Ross russ@russross.com
Mon, 27 Jun 2011 18:03:54 -0600
horizontal rule and list testing
Russ Ross russ@russross.com
Mon, 27 Jun 2011 16:06:32 -0600
more robust whitespace stripping and matching corrections to tests
Russ Ross russ@russross.com
Mon, 27 Jun 2011 16:06:16 -0600
fixed minor bugs uncovered by more testing
Russ Ross russ@russross.com
Mon, 27 Jun 2011 14:35:11 -0600
unit tests for underlined headers, improved whitespace handling for the same
Russ Ross russ@dixie.edu
Mon, 27 Jun 2011 11:42:38 -0600
fixed headers nested in lists, added prefix header unit tests
Russ Ross russ@dixie.edu
Mon, 27 Jun 2011 10:13:13 -0600
eliminate a buffering level for paragraphs
Russ Ross russ@russross.com
Sun, 26 Jun 2011 17:21:11 -0600
clean up main markdown function: split out first and second passes
Russ Ross russ@russross.com
Sun, 26 Jun 2011 09:51:36 -0600
refactoring: newlines as hard breaks changed from HTML option to global markdown option
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:45:51 -0600
refactoring paragraph rendering
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:18:34 -0600
reduce copying for lists
Russ Ross russ@russross.com
Sat, 25 Jun 2011 15:02:46 -0600
experiment: render headers directly to output buffer to avoid a copy; minor speed boost
Russ Ross russ@russross.com
Sat, 25 Jun 2011 08:20:08 -0600
dumb tweak that gives a little speed bump
Russ Ross russ@russross.com
Fri, 24 Jun 2011 21:53:46 -0600
rewrite of attrEscape: cleaner and faster
Russ Ross russ@russross.com
Fri, 24 Jun 2011 19:11:06 -0600
enable profiling from command-line tool
Russ Ross russ@russross.com
Fri, 24 Jun 2011 17:13:42 -0600
fraction example in readme
Russ Ross russ@russross.com
Fri, 24 Jun 2011 16:42:17 -0600
more inline unit tests
Russ Ross russ@russross.com
Fri, 24 Jun 2011 16:39:50 -0600
output validates, command-line tool has useful options
Russ Ross russ@russross.com
Fri, 24 Jun 2011 11:50:03 -0600
improved (hopefully) smart quote handling
Russ Ross russ@dixie.edu
Wed, 22 Jun 2011 15:40:58 -0600
convert test files to unix format, fix a few broken ones
Russ Ross russ@dixie.edu
Fri, 10 Jun 2011 09:41:00 -0600
unit test for linebreaks
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:55 -0600
tab expansion bug
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:40 -0600
fix test name conflicts
Russ Ross russ@russross.com
Wed, 01 Jun 2011 18:52:24 -0600
Merge pull request #2 from kjk/markdown-tests integrate tests for markdown 1.0.3 test files by comparing them with refe
Russ Ross russross
Wed, 01 Jun 2011 17:24:11 -0700
starting inline unit tests, fix a few minor bugs they exposed
Russ Ross russ@russross.com
Wed, 01 Jun 2011 12:17:17 -0600
readme updates
Russ Ross russ@russross.com
Tue, 31 May 2011 16:31:36 -0600
comments, minor cleanups
Russ Ross russ@russross.com
Tue, 31 May 2011 16:28:07 -0600
rewrote the stinking pile of code that was blockParagraph
Russ Ross russ@russross.com
Tue, 31 May 2011 16:07:15 -0600
tab expansion fixed to handle multibyte unicode characters
Russ Ross russ@dixie.edu
Tue, 31 May 2011 12:04:58 -0600
gofmt
Russ Ross russ@dixie.edu
Tue, 31 May 2011 11:49:49 -0600
allocate new buffers on stack; mild speed improvement
Russ Ross russ@dixie.edu
Tue, 31 May 2011 11:11:04 -0600
export all names from Renderer struct This enables new back-ends that are not part of the package Basically a big search-and-replace for this commit
Russ Ross russ@russross.com
Mon, 30 May 2011 21:44:52 -0600
performance fix: with autolinking on, it is almost twice as fast now
Russ Ross russ@russross.com
Mon, 30 May 2011 15:36:31 -0600
remove dependency on less function
Russ Ross russ@russross.com
Mon, 30 May 2011 14:42:38 -0600
readme tweak
Russ Ross russ@russross.com
Mon, 30 May 2011 11:15:56 -0600
rudimentary latex backend, additional cleanup
Russ Ross russ@russross.com
Mon, 30 May 2011 11:06:20 -0600
split parser into multiple files, clean up naming
Russ Ross russ@russross.com
Sun, 29 May 2011 17:00:31 -0600
cleanup in markdown: better naming, misc fixes
Russ Ross russ@russross.com
Sun, 29 May 2011 11:43:18 -0600
comments on performance
Russ Ross russ@russross.com
Sun, 29 May 2011 09:30:57 -0600
fix smartypants and html entity escaping
Russ Ross russ@russross.com
Sat, 28 May 2011 22:50:33 -0600
escape entities when using smartypants
Russ Ross russ@russross.com
Sat, 28 May 2011 22:39:22 -0600
return result instead of taking buffer as input
Russ Ross russ@russross.com
Sat, 28 May 2011 22:37:12 -0600
features list
Russ Ross russ@russross.com
Sat, 28 May 2011 21:43:17 -0600
mdash
Russ Ross russ@russross.com
Sat, 28 May 2011 21:34:02 -0600
readme file
Russ Ross russ@russross.com
Sat, 28 May 2011 21:33:16 -0600
refactored into a proper package
Russ Ross russ@russross.com
Sat, 28 May 2011 21:17:53 -0600
smartypants
Russ Ross russ@dixie.edu
Sat, 28 May 2011 17:37:18 -0600
cleanup
Russ Ross russ@russross.com
Sat, 28 May 2011 13:00:47 -0600
compatibility fixes
Russ Ross russ@russross.com
Sat, 28 May 2011 09:49:21 -0600
output matches upskirt for markdown test suite
Russ Ross russ@dixie.edu
Fri, 27 May 2011 16:12:21 -0600
fixing link parsing
Russ Ross russ@russross.com
Fri, 27 May 2011 13:38:10 -0600
basics working, still a few renderers to write
Russ Ross russ@russross.com
Thu, 26 May 2011 22:27:33 -0600
parsing done but untested
Russ Ross russ@russross.com
Thu, 26 May 2011 14:22:59 -0600
working on inline parsing
Russ Ross russ@russross.com
Thu, 26 May 2011 12:10:16 -0600
emph parsing
Russ Ross russ@russross.com
Thu, 26 May 2011 09:47:41 -0600
reference extraction
Russ Ross russ@russross.com
Thu, 26 May 2011 08:28:14 -0600
setup, starting reference handling
Russ Ross russ@russross.com
Wed, 25 May 2011 20:46:16 -0600
fixed ordered lists
Russ Ross russ@dixie.edu
Wed, 25 May 2011 16:00:01 -0600
all block-level parsers
Russ Ross russ@dixie.edu
Wed, 25 May 2011 15:41:25 -0600
working on listitem
Russ Ross russ@russross.com
Wed, 25 May 2011 13:59:30 -0600
initial commit
Russ Ross russ@russross.com
Tue, 24 May 2011 16:14:35 -0600
integrate tests for markdown 1.0.3 test files by comparing them with reference files rendered with upskirt (no extensions)
Krzysztof Kowalczyk kkowalczyk@gmail.com
Wed, 01 Jun 2011 16:47:32 -0700
Add some HTML5
moshee moshee@displaynone.us
Sun, 21 Oct 2012 21:28:31 -0700
HTML5 doctype, Wrap TOC with <nav> <nav> makes the TOC more easily identifiable and workable with CSS.
moshee moshee@displaynone.us
Sun, 21 Oct 2012 21:23:44 -0700
Fix html tag ordering in doc string.
Caleb Spare cespare@gmail.com
Thu, 22 Nov 2012 12:52:52 -0800
Fix up method documentation formatting.
Caleb Spare cespare@gmail.com
Thu, 22 Nov 2012 12:12:08 -0800
fix table syntax example
Alif Rachmawadi subosito@gmail.com
Sun, 05 May 2013 10:35:09 +0700
Improve html element stripping code
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Thu, 18 Apr 2013 03:15:47 +0300
Fix typo
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:44:18 +0300
Add HTML_SKIP_SCRIPT to MarkdownCommon
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:43:21 +0300
Couple more tests
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sun, 14 Apr 2013 01:42:47 +0300
More <script> stripping Partially addresses issue #11.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 23:24:30 +0300
Add an option to strip <script> elements Partially addresses issue #11.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:57:16 +0300
Make isHtmlTag() case insensitive
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:34:37 +0300
Extract repetitive code to a func
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:26:29 +0300
Fix bug in isHtmlTag() Fix what seems to be a typo. j should iterate through all tagname, so it should be initialized to zero. The test exposes this bug.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:21:47 +0300
Make a way to parameterize inline tests Expose extensions and html flags parameters so that tests could specify what code paths they want to exercise.
Vytautas Šaltenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 22:18:14 +0300
parser no longer returns prematurely from empty footnote ref
moshee moshee@displaynone.us
Mon, 08 Jul 2013 22:34:12 +0000
leftover debug stuff
moshee moshee@displaynone.us
Mon, 08 Jul 2013 09:42:29 +0000
added slice bounds check
moshee moshee@displaynone.us
Mon, 08 Jul 2013 06:54:25 +0000
Implementation and some tests for inline footnotes. Also I noticed the list items had the wrong ids, that was silly of me.
moshee moshee@displaynone.us
Mon, 01 Jul 2013 01:37:52 +0000
Referenced footnotes appear to be functional. Inline still unimplemented.
moshee moshee@displaynone.us
Wed, 26 Jun 2013 16:09:27 +0000
new tests pass but old tests now fail...
moshee moshee@displaynone.us
Wed, 26 Jun 2013 15:57:51 +0000
First attempt at supporting Pandoc-style footnotes. The existing tests have not broken but the new functionality does not work yet.
moshee moshee@displaynone.us
Tue, 25 Jun 2013 01:18:47 +0000
add testcase for GFM autolink
athom athom@126.com
Fri, 09 Aug 2013 17:24:26 +0800
make autolink perform like GFM
athom athom@126.com
Fri, 09 Aug 2013 16:28:35 +0800
add EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK flag to make it closer to GFM (Github flavor Markdown)
athom athom@126.com
Tue, 30 Jul 2013 10:32:11 +0800
Fix typo.
Antoine Grondin antoinegrondin@gmail.com
Sun, 01 Sep 2013 10:59:06 -0700
Image inside a link now works.
Alex Xandra Albert Sim bertzzie@gmail.com
Mon, 09 Sep 2013 12:51:46 +0700
Added test for link inside image
Alex Xandra Albert Sim bertzzie@gmail.com
Mon, 09 Sep 2013 12:51:20 +0700
Updated tests to check for th tags instead of td tags within thead blocks
David Kitchen david@buro9.com
Thu, 17 Oct 2013 10:35:44 +0100
Added th to table headers so that styling with things like Twitter Bootstrap and typeset.css work as expected. Cells in headers should always be TH unless they are advisory cells within headers in which case TD is acceptable (but being Markdown a user with such needs could just enter HTML for this)
David Kitchen david@buro9.com
Wed, 16 Oct 2013 11:36:33 +0100
Tests for links when using HTML_SAFELINK
Darren Coxall darren@darrencoxall.com
Thu, 19 Dec 2013 10:00:47 +0000
Relative URIs are considered safe
Darren Coxall darren.coxall@simplybusiness.co.uk
Mon, 09 Dec 2013 14:41:37 +0000
add HTML_NOFOLLOW_LINKS
Graham Miller graham.miller@gmail.com
Tue, 25 Feb 2014 09:21:57 -0500
Add a note about JavaScript injections to README
Vytautas Šaltenis vytas@rtfb.lt
Mon, 17 Feb 2014 21:08:10 +0200
Rename HTML_SKIP_SCRIPT to HTML_SANITIZE_OUTPUT
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 01:23:43 +0200
Rewrite protection against JavaScript injection This drops the naive approach at <script> tag stripping and resorts to full sanitization of html. The general idea (and the regexps) is grabbed from Stack Exchange's PageDown JavaScript Markdown processor[1]. Like in PageDown, it's implemented as a separate pass over resulting html. Includes a metric ton (but not all) of test cases from here[2]. Several are commented out since they don't pass yet. Stronger (but still incomplete) fix for #11. [1] http://code.google.com/p/pagedown/wiki/PageDown [2] https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 01:14:35 +0200
Extract useful code to separate func
Vytautas Šaltenis vytas@rtfb.lt
Wed, 22 Jan 2014 00:45:43 +0200
Fix bug in autolink with trailing semicolon In case the link ends with escaped html entity, the semicolon is a part of the link and should not be interpreted as punctuation.
Vytautas Šaltenis vytas@rtfb.lt
Sun, 26 Jan 2014 23:40:26 +0200
Fix bug in autolink overescaping html entities If autolink encounters a link which already has an escaped html entity, it would escape the ampersand again, producing things like these: `&amp;` --> `&amp;amp;`, `&quot;` --> `&amp;quot;` This commit solves that by first looking for all entity-looking things in the link and copying those ranges verbatim, only considering the rest of the string for escaping. Doesn't seem to have considerable performance impact. The mailto: links are processed the old way.
Vytautas Šaltenis vytas@rtfb.lt
Sun, 26 Jan 2014 21:39:38 +0200
Extract a chain of ifs into separate func This gives a ~10% slowdown of a full test run, which is tolerable. Switch statement is still slightly slower (~5%). Using map turned out to be unacceptably slow (~3x slowdown).
Vytautas Šaltenis vytas@rtfb.lt
Sun, 26 Jan 2014 21:27:34 +0200
go fmt
Vytautas Šaltenis vytas@rtfb.lt
Sun, 26 Jan 2014 21:21:25 +0200
Fix bug in autolink termination Detect the end of link when it is immediately followed by an element.
Vytautas Šaltenis vytas@rtfb.lt
Sat, 25 Jan 2014 21:59:38 +0200
Fix bug with overzealous autolink processing When the source Markdown contains an anchor tag with URL as link text (i.e. <a href=...>http://foo.bar</a>), autolink converts that link text into another anchor tag, which is nonsense. Detect this situation with regexp and early exit autolink processing.
Vytautas Šaltenis vytas@rtfb.lt
Sat, 25 Jan 2014 21:42:34 +0200
Explicit return byte array at end of function.
Kjetil Mehl aspic@mehl.no
Sat, 05 Apr 2014 16:59:28 +0200
Revert "add an infinity-loop detection to block-level parsing" This reverts commit 0c62e28e900533ff5d0376fac2e5b0c4894e1fa3.
Mathias Leppich mleppich@muhqu.de
Tue, 08 Apr 2014 11:51:17 +0200
optimisation: only fix fenced code blocks if the extensions parser flag is set... ;-)
Mathias Leppich mleppich@muhqu.de
Tue, 01 Apr 2014 23:14:31 +0200
out-comment stderr debug output
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 22:30:38 +0200
add some stderr output to reference stress tests
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 22:29:24 +0200
fix issue #45: 'Fenced Code Blocks without a blank line before' Add missing newline between paragraph and fenced code block within `firstPass()`.
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 21:57:58 +0200
add error message when panic has been raised within `doTestsBlock()`
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 21:59:20 +0200
add an infinity-loop detection to block-level parsing
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 00:04:45 +0100
add test cases for issue #45
Mathias Leppich mleppich@muhqu.de
Sun, 30 Mar 2014 22:00:26 +0200
Also support header IDs in ## headers ##
Dave Johnston johnsto@gmail.com
Sun, 06 Apr 2014 10:30:40 +0100
Correctly emit trailing header ID brace
Dave Johnston johnsto@gmail.com
Sat, 05 Apr 2014 20:59:03 +0100
Add Header IDs to default extensions
Dave Johnston johnsto@gmail.com
Sat, 05 Apr 2014 20:45:57 +0100
Add header ID support and tests: # Header {#myid}
Dave Johnston johnsto@gmail.com
Sat, 05 Apr 2014 20:42:58 +0100
Fix bug where newlines were inserted inside fenced code blocks. Change firstPass() code that checks for fenced code blocks to check all of them and properly keep track of lastFencedCodeBlockEnd. This way, it won't misinterpret the end of a fenced code block as a beginning of a new one.
Dmitri Shuralyov shurcooL@gmail.com
Fri, 11 Apr 2014 21:27:28 -0700
Add failing test for an issue introduced by PR #56. The issue is that when there are more than 1 fenced code blocks with a blank line before and after, the parser introduces a single extra new line to all the fenced code blocks except the last one.
Dmitri Shuralyov shurcooL@gmail.com
Fri, 11 Apr 2014 19:54:55 -0700
Don't expand tabs inside fenced code blocks. Still do normalize newlines inside fenced code blocks.
Dmitri Shuralyov shurcooL@gmail.com
Sat, 12 Apr 2014 14:45:25 -0700
tagWhitelist allows alignment attribute now This is the closest I could get to removing everything "unsafe" without introducing an additional regex.
willnix frieder.steinmetz@gmail.com
Sat, 19 Apr 2014 21:59:04 +0000
Add table tags to the whitelist. Fixing: https://github.com/russross/blackfriday/commit/55cd82008e9b35b9a03a80e06d5a4c4601320211 This commit introduced a html tag whitelist which does not include any table tags (<td>,<tr>,<thead>...). Therefore even tables the markdown parser itself generated will be removed.
willnix frieder.steinmetz@gmail.com
Thu, 17 Apr 2014 15:44:40 +0000
Use go.net/html's parser to sanitize HTML. Use an HTML5 compliant parser that interprets HTML as a browser would to parse the Markdown result and then sanitize based on the result. Escape unrecognized and disallowed HTML in the result. Currently works with a hard coded whitelist of safe HTML tags and attributes.
Martin Probst martin@probst.io
Sun, 27 Apr 2014 23:40:44 +0200
Merge branch 'master' of github.com:gihnius/blackfriday into gihnius-master Conflicts: html.go inline_test.go
Vytautas Šaltenis vytas@rtfb.lt
Thu, 01 May 2014 21:43:42 +0300
test: add nofollow ref for non internal links only
gihnius gihnius@gmail.com
Fri, 21 Mar 2014 11:17:31 +0800
add nofollow ref for non internal links only
gihnius gihnius@gmail.com
Fri, 21 Mar 2014 11:14:58 +0800
add target blank attr
gihnius gihnius@gmail.com
Fri, 21 Mar 2014 10:52:46 +0800
fix: Handle all different token types that the parser can emit (d'oh).
Martin Probst martin@probst.io
Thu, 01 May 2014 20:55:53 +0200
Add support for a bunch more safe HTML element tags, and bring them into some order.
Martin Probst martin@probst.io
Thu, 01 May 2014 22:08:32 +0200
Add a test for the correct handling of escaped entities in HTML. The sanitization code does not retain any particular escaped entities - it parses the HTML and thus loses the information on what entities were in the original. The result is correct UTF-8 HTML though.
Martin Probst martin@probst.io
Sat, 03 May 2014 12:34:16 +0200
Avoid raw mode parsing so that raw mode tags like <script> don't cause issues. Certain tags like <script> but also <title> and others switch an HTML5 parser into raw mode, which causes the rest of the HTML string to be always parsed as text, including any elements or entities that we do want to support (e.g. <p>). As we're going to escape any of the raw text elements anyway (it's e.g. script, style, title, xmp, noframes, and a couple of others) we can just switch off raw text parsing by disabling it after each starting tag.
Martin Probst martin@probst.io
Sat, 03 May 2014 12:58:25 +0200
feat: Write self-closing tags with a /> Adds tests for self-closing tags both for correct writing and for correct sanitization, i.e. stripping attributes on them.
Martin Probst martin@probst.io
Sat, 03 May 2014 12:58:25 +0200