Aidan Woods
4dc98b635d
whitelist changes:
...
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
"data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
Aidan Woods
e4bb12329e
array_keys is probably faster
2017-05-02 01:32:24 +01:00
Aidan Woods
6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely
2017-05-02 00:48:48 +01:00
Aidan Woods
131ba75851
filter onevent attributes
2017-05-01 15:44:04 +01:00
Aidan Woods
af04ac92e2
add xss tests
2017-05-01 03:33:49 +01:00
Aidan Woods
6bb66db00f
anti-xss
...
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
2017-05-01 03:25:07 +01:00
naNuke
b3d45c4bb9
Add html escaping to all attributes capable of holding user input.
2017-05-01 02:00:38 +01:00
naNuke
1d4296f34d
Customizable whitelist of schemas for safeLinks
2017-05-01 01:58:34 +01:00
naNuke
bf5105cb1a
Improve safeLinks with whitelist.
2017-05-01 01:58:34 +01:00
naNuke
1140613fc7
Prevent various XSS attacks
2017-05-01 01:58:34 +01:00
Emanuil Rusev
4367f89a74
attempt to fix failing builds on 5.3
2017-03-29 19:30:24 +03:00
Emanuil Rusev
1bf24f7334
add kbd to text-level elements
2017-03-29 19:04:15 +03:00
Emanuil Rusev
0a09d5ad45
update tests to reflect changes in phpunit 6.0
2017-03-23 20:21:18 +02:00
Emanuil Rusev
3fc442b078
Merge pull request #484 from hkdobrev/patch-1
...
Add Symfony demo to "Who uses it?"
2017-03-10 09:41:24 +02:00
Haralan Dobrev
bd0e31a7dd
Add Symfony demo to "Who uses it?"
...
409a65b373/composer.json (L24)
2017-03-10 01:04:53 +02:00
Emanuil Rusev
dfaf03639a
Merge pull request #480 from pjona/patch-1
...
Removed double semicolon
2017-03-08 23:21:03 +02:00
Marek Skiba
7081afe8cb
Removed double semicolon
2017-03-02 12:43:51 +01:00
Emanuil Rusev
4b6493999a
Merge pull request #465 from aidantwoods/patch-8
...
Trim surrounding whitespace from URL in inlineLink
2017-01-23 09:45:19 +02:00
Aidan Woods
0172d779d7
Trim surrounding whitespace from URL in inlineLink
...
Fixes https://github.com/erusev/parsedown-extra/issues/103
2017-01-21 11:06:41 +00:00
Emanuil Rusev
cc5b38ca39
Merge pull request #459 from gene-sis/fix_inlineLink_regex
...
fix_inlineLink_regex
2017-01-07 16:51:03 +02:00
gene_sis
48351504de
adjust two regex pattern within inlineLink() to reduce backtracking
...
add test with base64 image
2017-01-07 00:45:38 +01:00
Emanuil Rusev
20ff8bbb57
Merge pull request #447 from greut/phpunit-from-extra
...
Fix include from ParsedownTest
2016-11-02 17:56:58 +02:00
Yoan Blanc
bc21988fe5
Fix include from ParsedownTest
...
I wasn't able to run all the tests from ParsedownExtra because of it.
2016-11-02 09:27:35 +01:00
Emanuil Rusev
e3c3e28554
Merge pull request #446 from jamesevickery/master
...
Grammar update
2016-10-25 17:39:55 +03:00
James Vickery
f053740132
Merge pull request #1 from erusev/master
...
Merge pull request #445 from jamesevickery/master
2016-10-25 15:24:11 +01:00
James Vickery
7a92a31739
Grammar update
2016-10-25 15:22:17 +01:00
Emanuil Rusev
6eca8796fb
Merge pull request #445 from jamesevickery/master
...
Tiny grammar correction
2016-10-25 17:21:57 +03:00
James Vickery
8876c0984e
Tiny grammar correction
2016-10-25 15:10:22 +01:00
Emanuil Rusev
cbc4b3f612
Merge pull request #436 from grogy/php71
...
Added PHP version 7.1 for tests
2016-10-09 13:04:16 +03:00
Václav Makeš
0080ef218e
Added PHP version 7.1 for tests
2016-10-09 01:58:47 +02:00
Emanuil Rusev
f4e0234af0
Merge pull request #431 from aidantwoods/patch-2
...
Allow parsedown to specify list start attribute
2016-10-05 22:55:34 +03:00
Aidan Woods
5c22531e4d
Allow parsedown to specify list start attribute
...
Syntax preferences
2016-10-05 18:27:54 +01:00
Aidan Woods
3978e33fd0
Allow parsedown to specify list start attribute
...
Remove github added tabs on blank lines
2016-10-05 18:17:12 +01:00
Aidan Woods
a37797ef34
Allow parsedown to specify list start attribute
...
Syntax preferences to match surrounding code
2016-10-05 18:15:47 +01:00
Aidan Woods
e3cd271f16
Allow parsedown to specify list start attribute
...
Performance: Swap preg_replace for stristr to obtain list start
2016-10-05 15:44:34 +01:00
Aidan Woods
f0b7b61c16
Allow parsedown to specify list start attribute
...
Should fix compatibility for PHP 5.3
2016-10-05 11:36:27 +01:00
Aidan Woods
ed41fcf3d6
Allow parsedown to specify list start attribute
...
oops
2016-10-05 10:06:40 +01:00
Aidan Woods
1fa8fae301
Allow parsedown to specify list start attribute
...
Readability improvements
2016-10-05 10:03:21 +01:00
Aidan Woods
932bafe0f0
update test for new feature
2016-10-04 17:43:37 +01:00
Aidan Woods
ac857809ab
update test for new feature
2016-10-04 17:41:57 +01:00
Aidan Woods
846274996a
Update ordered_list.html
2016-10-04 17:28:43 +01:00
Aidan Woods
c145a75848
update test for new feature
2016-10-04 15:44:50 +01:00
Aidan Woods
f17aa0438a
Update Parsedown.php
2016-09-27 02:15:35 +01:00
Aidan Woods
38f4027d5e
Update Parsedown.php
...
Okay, so maybe I should have looked 20 lines or so above where I made the edit in the element function – looks like it already supports adding attributes ;p
Have amended the change to blocklist to use the already existing functionality, and have reverted the change that I made to the element function.
2016-09-27 02:15:09 +01:00
Aidan Woods
2cee8d8a2d
Update Parsedown.php
...
Looks like I might need to return the pattern which was used previously
Reverting last change as build still failed
This build will still fail, but I'm hoping it will only fair where the list start value has been inserted
2016-09-27 01:23:22 +01:00
Aidan Woods
cceefafd55
test
...
Attempting to determine which function change is causing test jobs to fail (in unexpected ways)
2016-09-27 01:16:00 +01:00
Aidan Woods
1c58e9d8d5
oops
...
oops
2016-09-27 00:57:57 +01:00
Aidan Woods
2772b034c6
Update Parsedown.php
...
(I think this should work)
Allow parsedown to specify list start attribute (see: https://github.com/erusev/parsedown/issues/100#issuecomment-249729602 )
2016-09-27 00:53:51 +01:00
Emanuil Rusev
a2ed1592bd
Merge pull request #424 from hkdobrev/patch-1
...
Update URL to dependants
2016-09-05 16:55:29 +03:00
Haralan Dobrev
3d7a473aa9
Update URL to dependants
...
As Packagist has now implemented the feature of listing packages
depending on another package, VersionEye is no longer needed for that.
As VersionEye scrapes the Packagist API to do the same, the original
source of information should be preferred.
2016-09-05 16:38:38 +03:00