mirror
/
parsedown
mirror of https://github.com/erusev/parsedown.git
1
0
Fork 0
Code Releases Activity
843 Commits 5 Branches 82 Tags 2.6 MiB
Commit Graph

117 Commits

Author SHA1 Message Date
Attila Vachter 113c6d2b21 Tilde characters may be escaped 2018-04-23 15:09:30 +02:00
Aidan Woods c440c91af5
Add failing test case 2018-04-09 16:32:36 +01:00
Aidan Woods e4cd13350b
Remove setLiteralBreaks 2018-04-09 15:11:45 +01:00
Aidan Woods 9a021b2130
Add failing test cases 2018-04-09 14:11:49 +01:00
Aidan Woods 9b7b7348b4
Merge pull request #598 from aidantwoods/enhancement/set-literal-breaks 
Add literalBreaks support
 2018-04-06 15:06:45 +01:00
Aidan Woods 38ea813b0e
Add failing test case 2018-04-05 16:54:35 +01:00
Aidan Woods 24e48e91c8
Add literalBreaks support 
Line breaks will be converted to <br />
 2018-04-05 01:01:52 +01:00
Aidan Woods 772c919b05
Fix bug where empty atx headings would not be recognised (CommonMark) 
Fixes #595
 2018-04-02 17:18:01 +01:00
Aidan Woods cf6d23de55
Rename hashtags enabled to strict mode 
We can use this to seperate any intentional spec deviations from
spec behaviour so users can pick between compatability and spec
implementations
 2018-04-02 17:18:01 +01:00
Nathan Baulch d0279cdd3b
Enable #hashtag support via setting 2018-04-02 17:18:01 +01:00
Nathan Baulch 8a90586218
Support #hashtag per CommonMark and GFM specs 2018-04-02 17:18:00 +01:00
Aidan Woods ce073c9baa
Merge pull request #576 from aidantwoods/enhancement/moar-ast 
Produce AST prior to render
 2018-03-31 23:11:45 +01:00
Aidan Woods 20e592359f
Add failing test case 2018-03-30 19:22:13 +01:00
Aidan Woods a3e02c1d0e
Add failing test case 2018-03-28 15:37:47 +01:00
Aidan Woods 07216480db
Change test to comply with CommonMark 2018-03-28 03:26:45 +01:00
Aidan Woods caea783006
Add failing test case 2018-03-28 03:24:01 +01:00
Aidan Woods d849d64611
Merge pull request #584 from aidantwoods/fix/tables 
Permit 1 column tables with less delimiters
 2018-03-27 23:18:41 +01:00
Aidan Woods 00e51ee424
Permit 1 column tables with less delimiters 2018-03-27 23:12:51 +01:00
Aidan Woods 1c52cb6b5e
Add failing test cases 2018-03-27 22:01:32 +01:00
Aidan Woods ae13290221
Merge pull request #574 from aidantwoods/fix/remove-legacy-escaping 
Remove legacy escaping
 2018-03-27 13:18:30 +01:00
Aidan Woods f594d4c18b
Add more tests for CommonMark compliance 2018-03-27 11:20:04 +01:00
Aidan Woods 21cdd8a0b3
Merge branch 'master' into patch-4 2018-03-27 11:13:06 +01:00
Aidan Woods cac63f6fcb
Merge pull request #578 from aidantwoods/fix/setext-heading-spaces 
Fix setext heading space handling
 2018-03-25 23:08:31 +01:00
Aidan Woods 913e04782f
Add failing test cases to be fixed 2018-03-25 22:50:16 +01:00
Aidan Woods 1a47e74be1
Quotes are permitted in escaped body 2018-03-25 19:59:05 +01:00
Aidan Woods d86d839677
Merge branch 'master' into fix/consistency_follow 2018-03-25 19:37:04 +01:00
Aidan Woods 098f24d189
Seperate handler delegation from AST 
This also splits 'text' into 'text', 'elements', and
'element' to hopefully better communicate structure
 2018-03-21 02:32:01 +00:00
Aidan Woods 624a08b7eb
Update commment 2018-03-15 19:55:33 +00:00
Aidan Woods 3fc54bc966
Allow extension to "vouch" for raw HTML they produce 
Rename "unsafeHtml" to "rawHtml"
 2018-03-15 19:46:03 +00:00
Aidan Woods ef7ed7b66c
Still grab the text if safe mode enabled, but output it escaped 2018-03-15 11:09:55 +00:00
Aidan Woods e4c5be026d
Further attempt to dissuade this feature's use 2018-03-15 11:00:03 +00:00
Aidan Woods e6444bb57e
Add unsafeHtml option for extensions to use on trusted input 2018-03-15 10:48:38 +00:00
Aidan Woods f70d96479a
Add test case for email surrounded by tags 2018-03-09 16:48:32 +00:00
Hari KT e2f3961f80 Add test case to make sure issue 232 no longer exists 2018-02-28 23:25:38 +05:30
Aidan Woods e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring 
Properly support fenced code block infostring
 2018-02-28 17:06:25 +00:00
Aidan Woods 48a053fe29
Merge pull request #423 from PhrozenByte/bugfix/CommonMarkTest 
Fix CommonMark test
 2018-02-28 17:05:24 +00:00
Aidan Woods 5057e505d8
Merge pull request #475 from aidantwoods/loose-lists 
Loose lists
 2018-02-28 17:05:00 +00:00
Emanuil Rusev 6678d59be4
Merge pull request #495 from aidantwoods/anti-xss 
Prevent various XSS attacks [rebase and update of #276]
 2018-02-28 13:41:37 +02:00
Aidan Woods 722b776684
Test multiple multiline lists 2018-01-29 14:38:19 +01:00
Aidan Woods 7fd92a8fbd
update tests 2018-01-29 14:38:19 +01:00
Daniel Rudolf 03e1a6ac02
Merge branch 'master' into bugfix/CommonMarkTest 
Conflicts:
	.travis.yml
	test/CommonMarkTest.php
	test/ParsedownTest.php
	test/bootstrap.php
 2017-11-14 22:09:25 +01:00
Gabriel Caruso 691e36b1f2 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
Aidan Woods 4404201175
Properly support fenced code block infostring 
Reference: http://spec.commonmark.org/0.28/#info-string
 2017-08-20 10:28:46 +01:00
Daniel Berthereau 47e4163a68 Merge branch 'htmlblocks' of https://github.com/aidantwoods/parsedown into aidantwoods-htmlblocks 2017-06-23 00:00:00 +02:00
Aidan Woods c05bff047a
correct test to match CommonMark specified input for output 2017-06-22 00:03:12 +01:00
Daniel Berthereau 129f807e32 Inverted checks of consistency for markdown following markups. 2017-06-22 00:00:00 +02:00
Daniel Berthereau be963a6531 Added tests for consistency when a markdown follows a markup without blank line. 2017-06-19 00:00:00 +02:00
Aidan Woods 67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Aidan Woods b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods 054ba3c487
urlencode urls that are potentially unsafe: 
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript&colon;alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script&colon;alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `&colon;`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
 2017-05-03 17:01:27 +01:00