mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Code Releases Activity

add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch

Browse Source
This commit is contained in:
Aidan Woods
2017-05-09 19:22:58 +01:00
parent c63b690a79
commit b1e5aebaf6
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
test/ParsedownTest.php
View File

@@ -46,7 +46,7 @@ class ParsedownTest extends PHPUnit_Framework_TestCase
$expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
$expectedMarkup = str_replace("\r", "\n", $expectedMarkup);
$this->Parsedown->setMarkupEscaped($test === 'xss_text_encoding');
$this->Parsedown->setSafeMode(substr($test, 0, 3) === 'xss');
$actualMarkup = $this->Parsedown->text($markdown);

2
test/data/inline_link.html
View File

@@ -1,5 +1,5 @@
<p><a href="http://example.com">link</a></p>
<p><a href="/url-%28parentheses%29">link</a> with parentheses in URL </p>
<p><a href="/url-(parentheses)">link</a> with parentheses in URL </p>
<p>(<a href="/index.php">link</a>) in parentheses</p>
<p><a href="http://example.com"><code>link</code></a></p>
<p><a href="http://example.com"><img src="http://parsedown.org/md.png" alt="MD Logo" /></a></p>