mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Commit Graph

90 Commits

Author SHA1 Message Date
1a47e74be1 Quotes are permitted in escaped body 2018-03-25 19:59:05 +01:00
d86d839677 Merge branch 'master' into fix/consistency_follow 2018-03-25 19:37:04 +01:00
624a08b7eb Update comment 2018-03-15 19:55:33 +00:00
3fc54bc966 Allow extension to "vouch" for raw HTML they produce
Rename "unsafeHtml" to "rawHtml"
2018-03-15 19:46:03 +00:00
ef7ed7b66c Still grab the text if safe mode enabled, but output it escaped 2018-03-15 11:09:55 +00:00
e4c5be026d Further attempt to dissuade this feature's use 2018-03-15 11:00:03 +00:00
e6444bb57e Add unsafeHtml option for extensions to use on trusted input 2018-03-15 10:48:38 +00:00
f70d96479a Add test case for email surrounded by tags 2018-03-09 16:48:32 +00:00
e2f3961f80 Add test case to make sure issue 232 no longer exists 2018-02-28 23:25:38 +05:30
e941dcc3f0 Merge pull request #525 from aidantwoods/fix/infostring
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
48a053fe29 Merge pull request #423 from PhrozenByte/bugfix/CommonMarkTest
Fix CommonMark test
2018-02-28 17:05:24 +00:00
5057e505d8 Merge pull request #475 from aidantwoods/loose-lists
Loose lists
2018-02-28 17:05:00 +00:00
6678d59be4 Merge pull request #495 from aidantwoods/anti-xss
Prevent various XSS attacks [rebase and update of #276]
2018-02-28 13:41:37 +02:00
722b776684 Test multiple multiline lists 2018-01-29 14:38:19 +01:00
7fd92a8fbd update tests 2018-01-29 14:38:19 +01:00
03e1a6ac02 Merge branch 'master' into bugfix/CommonMarkTest
Conflicts:
	.travis.yml
	test/CommonMarkTest.php
	test/ParsedownTest.php
	test/bootstrap.php
2017-11-14 22:09:25 +01:00
691e36b1f2 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
4404201175 Properly support fenced code block infostring
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
47e4163a68 Merge branch 'htmlblocks' of https://github.com/aidantwoods/parsedown into aidantwoods-htmlblocks 2017-06-23 00:00:00 +02:00
c05bff047a correct test to match CommonMark specified input for output 2017-06-22 00:03:12 +01:00
129f807e32 Inverted checks of consistency for markdown following markups. 2017-06-22 00:00:00 +02:00
be963a6531 Added tests for consistency when a markdown follows a markup without blank line. 2017-06-19 00:00:00 +02:00
67c3efbea0 according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
b1e5aebaf6 add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
054ba3c487 urlencode urls that are potentially unsafe:
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript&colon;alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `&colon;`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
af04ac92e2 add xss tests 2017-05-01 03:33:49 +01:00
1d0af35f10 update test to result generated by CommonMark reference parser 2017-03-29 18:26:07 +01:00
4367f89a74 attempt to fix failing builds on 5.3 2017-03-29 19:30:24 +03:00
0a09d5ad45 update tests to reflect changes in phpunit 6.0 2017-03-23 20:21:18 +02:00
48351504de adjust two regex pattern within inlineLink() to reduce backtracking
add test with base64 image
2017-01-07 00:45:38 +01:00
bc21988fe5 Fix include from ParsedownTest
I wasn't able to run all the tests from ParsedownExtra because of it.
2016-11-02 09:27:35 +01:00
a9f696f7bb Improve CommonMark spec example regex
CommonMark spec example [#170](http://spec.commonmark.org/0.26/#example-170) has an empty HTML result.
2016-10-13 22:16:46 +02:00
2423644d72 Move test/CommonMarkTest.php to test/CommonMarkTestStrict.php
Add parameter `$id` to CommonMark tests
2016-10-12 02:02:55 +02:00
932bafe0f0 update test for new feature 2016-10-04 17:43:37 +01:00
ac857809ab update test for new feature 2016-10-04 17:41:57 +01:00
c145a75848 update test for new feature 2016-10-04 15:44:50 +01:00
73dbe2fd17 Remove PHPUnit bootstrap in favour of composer 2016-09-05 22:04:46 +02:00
33a23fbfb2 Refactor PHPUnit bootstrap
This allows Parsedown extensions (like Parsedown Extra) to reuse existing Parsedown tests. See erusev/parsedown-extra#96 for details.
2016-09-05 21:10:23 +02:00
228d5f4754 Improve test/CommonMarkTestWeak.php 2016-09-05 15:31:07 +02:00
2cacfb8da4 Improve test/CommonMarkTestWeak.php 2016-09-05 15:17:52 +02:00
d33e736fa3 Add test/CommonMarkTestWeak.php 2016-09-05 14:38:47 +02:00
3a46a31e09 Fix test/CommonMarkTest.php example regex 2016-09-05 14:37:34 +02:00
e1bcc1c472 Fix test/CommonMarkTest.php 2016-09-05 04:51:28 +02:00
5f40cab3e7 Use late static binding for Parsedown::instance()
Fixes erusev/parsedown-extra#67.

This introduces PHP 5.3+ late static binding to the Singleton pattern in Parsedown.
It will return an instance of Parsedown which inherits the class which
called the `instance()` method rather than always returning instance of just `Parsedown`.

Tests are testing this feature with a test class which inherits from Parsedown.
Notice that calling `instance()` with the default arguments after an instance of
`Parsedown` was already created, it will return it even though it is from just
an instance of `Parsedown`. So this is fixing the problem just partially.
2015-08-13 13:29:33 +03:00
b828fe7c8d Fixes #283 2015-02-03 13:58:47 -08:00
ffd9d3b407 improve tests 2015-01-24 14:37:40 +02:00
e94ecf4adc resolve #277 2015-01-24 14:21:55 +02:00
4d3079b908 resolve #274 2015-01-24 14:03:05 +02:00
b4a8eb3315 resolve #156 2015-01-16 00:04:18 +02:00
a06cdfb814 improve fix for #184 2015-01-15 21:32:18 +02:00