Aidan Woods
387ef63888
Replace array reduce with foreach loop for PHP 5.3 compat
2018-04-06 20:55:27 +01:00
Aidan Woods
68be90348c
Revert "Explicitly capture $this for PHP 5.3"
2018-04-06 20:50:34 +01:00
Aidan Woods
0039cd00f8
Explicitly capture $this for PHP 5.3
2018-04-06 20:40:25 +01:00
Aidan Woods
c6b717cc35
Merge pull request #604 from aidantwoods/fix/autobreak
...
Ensure autobreak false is honoured over empty name
2018-04-06 20:00:32 +01:00
Aidan Woods
8f3f61883d
Merge pull request #603 from aidantwoods/fix/recursion
...
Apply depth first
2018-04-06 19:57:55 +01:00
Aidan Woods
4c9ea94d0c
Apply depth first to avoid risk of segfault if closure creates subelements
2018-04-06 19:52:25 +01:00
Aidan Woods
32e69de014
Ensure autobreak false is honoured over empty name
2018-04-06 19:51:27 +01:00
Aidan Woods
201299ddc2
Merge pull request #602 from aidantwoods/enhancement/text-elements
...
Split some of `text` into `textElements`
2018-04-06 19:50:24 +01:00
Aidan Woods
557db7c179
Split some of text
into textElements
...
`process` is no longer needed
2018-04-06 18:11:27 +01:00
Aidan Woods
9b7b7348b4
Merge pull request #598 from aidantwoods/enhancement/set-literal-breaks
...
Add literalBreaks support
2018-04-06 15:06:45 +01:00
Aidan Woods
06b810cd4a
Fix fenced code block closer to match CommonMark rules
2018-04-05 16:55:14 +01:00
Aidan Woods
24e48e91c8
Add literalBreaks support
...
Line breaks will be converted to <br />
2018-04-05 01:01:52 +01:00
Aidan Woods
1c8f6bc253
Merge pull request #594 from aidantwoods/enhancement/ast-recursion-helper
...
Add recursive helper for AST
2018-04-02 19:53:58 +01:00
Aidan Woods
772c919b05
Fix bug where empty atx headings would not be recognised (CommonMark)
...
Fixes #595
2018-04-02 17:18:01 +01:00
Aidan Woods
cf6d23de55
Rename hashtags enabled to strict mode
...
We can use this to seperate any intentional spec deviations from
spec behaviour so users can pick between compatability and spec
implementations
2018-04-02 17:18:01 +01:00
Nathan Baulch
d0279cdd3b
Enable #hashtag support via setting
2018-04-02 17:18:01 +01:00
Nathan Baulch
8a90586218
Support #hashtag per CommonMark and GFM specs
2018-04-02 17:18:00 +01:00
Aidan Woods
390fa0da1b
This is probably faster than duplicating the closure
2018-04-01 17:55:32 +01:00
Aidan Woods
9026b1abdb
Add recursive helper for AST, use this for implementation of calling handler
...
recursively
2018-04-01 17:10:49 +01:00
Aidan Woods
535110c57e
Add process
method so extensions may process final AST without
...
copying implementation of `text`
2018-03-31 23:23:12 +01:00
Aidan Woods
ce073c9baa
Merge pull request #576 from aidantwoods/enhancement/moar-ast
...
Produce AST prior to render
2018-03-31 23:11:45 +01:00
Aidan Woods
e4d6c8f911
Add support for recursive handlers
2018-03-31 22:01:38 +01:00
Aidan Woods
aa90dd481a
Match CommonMark spec on HTML comments:
...
Start condition: line begins with the string `<!--`.
End condition: line contains the string `-->`.
2018-03-30 19:22:50 +01:00
Aidan Woods
9f1f5de387
Add recursive handle methods to generate entire AST for traversal
2018-03-28 20:59:56 +01:00
Aidan Woods
a9c21447ce
Only interrupt paragraph if starting with 1
2018-03-28 15:38:11 +01:00
Aidan Woods
40e797031e
Old handler compatability layer
2018-03-28 03:42:38 +01:00
Aidan Woods
92e426e0e8
Fix merging of adjacent blockquotes
2018-03-28 03:27:09 +01:00
Aidan Woods
d849d64611
Merge pull request #584 from aidantwoods/fix/tables
...
Permit 1 column tables with less delimiters
2018-03-27 23:18:41 +01:00
Aidan Woods
00e51ee424
Permit 1 column tables with less delimiters
2018-03-27 23:12:51 +01:00
Aidan Woods
790aed42ab
Fix trimming of internal #'s
2018-03-27 22:04:11 +01:00
Aidan Woods
ae13290221
Merge pull request #574 from aidantwoods/fix/remove-legacy-escaping
...
Remove legacy escaping
2018-03-27 13:18:30 +01:00
Aidan Woods
244ea0aaa6
Remove some whitespace
2018-03-27 12:11:00 +01:00
Aidan Woods
d2a73f9179
Trim whitespace
2018-03-27 11:23:04 +01:00
Aidan Woods
21cdd8a0b3
Merge branch 'master' into patch-4
2018-03-27 11:13:06 +01:00
Aidan Woods
cac63f6fcb
Merge pull request #578 from aidantwoods/fix/setext-heading-spaces
...
Fix setext heading space handling
2018-03-25 23:08:31 +01:00
Aidan Woods
f71bec00f4
Fix space handling in setext headings
2018-03-25 22:50:42 +01:00
Aidan Woods
1fa6b038af
PHP 5.3 compat
2018-03-25 20:00:31 +01:00
Aidan Woods
e59fbd736d
Remove 'markup' key exception for outputting via AST
2018-03-25 20:00:31 +01:00
Aidan Woods
8c14c5c239
Use rawHtml to provide conditional escaping for markup
2018-03-25 20:00:30 +01:00
Aidan Woods
0205a4cbe6
Use rawHtml to provide conditional escaping on special chars
2018-03-25 19:59:11 +01:00
Aidan Woods
011465bca6
Use rawHtml to provide conditional escaping for specialChars
2018-03-25 19:59:11 +01:00
Aidan Woods
adcba80502
Implement unmarked text via AST
2018-03-25 19:59:11 +01:00
Aidan Woods
65d7bc5013
Special casing for elements with no name
2018-03-25 19:59:11 +01:00
Aidan Woods
d86d839677
Merge branch 'master' into fix/consistency_follow
2018-03-25 19:37:04 +01:00
Aidan Woods
d5ded2b935
Decouple handler argument from structure keys
2018-03-21 16:02:57 +00:00
Aidan Woods
098f24d189
Seperate handler delegation from AST
...
This also splits 'text' into 'text', 'elements', and
'element' to hopefully better communicate structure
2018-03-21 02:32:01 +00:00
Aidan Woods
eb55e426b9
Initial refactor to use AST
2018-03-21 02:18:34 +00:00
Aidan Woods
88dc949890
Refactor based on suggestion by @PhrozenByte
2018-03-18 20:17:12 +00:00
Aidan Woods
3fc54bc966
Allow extension to "vouch" for raw HTML they produce
...
Rename "unsafeHtml" to "rawHtml"
2018-03-15 19:46:03 +00:00
Aidan Woods
ef7ed7b66c
Still grab the text if safe mode enabled, but output it escaped
2018-03-15 11:09:55 +00:00
Aidan Woods
e6444bb57e
Add unsafeHtml option for extensions to use on trusted input
2018-03-15 10:48:38 +00:00
Aidan Woods
a3265e7c6f
Merge pull request #511 from aidantwoods/feature/null-name-element
...
Allow element to have no name
2018-03-15 09:41:16 +00:00
Aidan Woods
6830c3339f
Readability
...
Thanks @PhrozenByte for the suggestion :)
2018-03-09 17:38:41 +00:00
Aidan Woods
19f1bb9353
Disable backtracking where the regex doesn't need it
2018-03-09 17:06:14 +00:00
Aidan Woods
721b885dd3
Fix #565 by validating email as defined in commonmark spec
2018-03-09 17:05:42 +00:00
Luiz Paulo "Bills
9857334186
bump version
2018-03-07 22:04:55 -03:00
Luiz Paulo "Bills
ae7e8e5067
bump version
2018-03-07 21:51:35 -03:00
Aidan Woods
72d30d33bc
allow element to have no name
2018-03-01 01:17:32 +00:00
Aidan Woods
e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
...
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
Aidan Woods
c192001a7e
Merge pull request #433 from aidantwoods/patch-3
...
Fix Issue #358 – preventing double nested links
2018-02-28 17:05:58 +00:00
Aidan Woods
5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
...
Loose lists
2018-02-28 17:05:00 +00:00
Emanuil Rusev
6678d59be4
Merge pull request #495 from aidantwoods/anti-xss
...
Prevent various XSS attacks [rebase and update of #276 ]
2018-02-28 13:41:37 +02:00
Aidan Woods
0e1043a8d6
consistent li items for loose list
2018-01-29 14:38:19 +01:00
Emanuil Rusev
296ebf0e60
Merge pull request #429 from pablotheissen/patch-1
...
Support html tags containing dashes
2017-11-19 11:15:43 +02:00
Aidan Woods
4404201175
Properly support fenced code block infostring
...
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
Aidan Woods
6a4afac0d0
remove ability for htmlblock to allow paragraph after if it closes on the same line
2017-06-22 00:02:03 +01:00
Aidan Woods
67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content
2017-05-10 16:57:18 +01:00
Aidan Woods
bbb7687f31
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create)
2017-05-09 19:31:36 +01:00
Aidan Woods
b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch
2017-05-09 19:22:58 +01:00
Aidan Woods
c63b690a79
remove duplicates
2017-05-09 14:50:15 +01:00
Aidan Woods
226f636360
remove $safe flag
2017-05-07 13:45:59 +01:00
Aidan Woods
2e4afde68d
faster check substr at beginning of string
2017-05-06 16:32:51 +01:00
Aidan Woods
dc30cb441c
add more protocols to the whitelist
2017-05-05 21:32:27 +01:00
Aidan Woods
054ba3c487
urlencode urls that are potentially unsafe:
...
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)
this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
Aidan Woods
4bae1c9834
whitelist regex for good attribute (no
...
no chars that could form a delimiter allowed
2017-05-03 00:39:01 +01:00
Aidan Woods
aee3963e6b
jpeg, not jpg
2017-05-02 19:55:03 +01:00
Aidan Woods
4dc98b635d
whitelist changes:
...
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
"data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
Aidan Woods
e4bb12329e
array_keys is probably faster
2017-05-02 01:32:24 +01:00
Aidan Woods
6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely
2017-05-02 00:48:48 +01:00
Aidan Woods
131ba75851
filter onevent attributes
2017-05-01 15:44:04 +01:00
Aidan Woods
6bb66db00f
anti-xss
...
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
2017-05-01 03:25:07 +01:00
naNuke
b3d45c4bb9
Add html escaping to all attributes capable of holding user input.
2017-05-01 02:00:38 +01:00
naNuke
1d4296f34d
Customizable whitelist of schemas for safeLinks
2017-05-01 01:58:34 +01:00
naNuke
bf5105cb1a
Improve safeLinks with whitelist.
2017-05-01 01:58:34 +01:00
naNuke
1140613fc7
Prevent various XSS attacks
2017-05-01 01:58:34 +01:00
Aidan Woods
d7956e3ade
blockmarkup ends on interrupt by newline (CommonMark compliance)
2017-03-29 18:25:56 +01:00
Emanuil Rusev
1bf24f7334
add kbd to text-level elements
2017-03-29 19:04:15 +03:00
Marek Skiba
7081afe8cb
Removed double semicolon
2017-03-02 12:43:51 +01:00
Aidan Woods
0172d779d7
Trim surrounding whitespace from URL in inlineLink
...
Fixes https://github.com/erusev/parsedown-extra/issues/103
2017-01-21 11:06:41 +00:00
gene_sis
48351504de
adjust two regex pattern within inlineLink() to reduce backtracking
...
add test with base64 image
2017-01-07 00:45:38 +01:00
Daniel Rudolf
a3836b1853
Handle subsequent list items which aren't indented sufficiently
...
Subsequent list items which aren't indented sufficiently are treated as part of the original list, see CommonMark spec example [#256 ](http://spec.commonmark.org/0.26/#example-256 ).
2016-10-13 20:44:02 +02:00
Daniel Rudolf
a9e1163c85
Fix code formatting
2016-10-13 19:52:38 +02:00
Daniel Rudolf
7b1529fff0
Use the list marker width to determine whether a list item is continued
...
This basically represents [list item parsing](http://spec.commonmark.org/0.26/#list-items ), rule 1 of the CommonMark specs.
2016-10-13 19:51:32 +02:00
Daniel Rudolf
1d61f90bf9
Support list items starting with indented code
2016-10-13 19:47:06 +02:00
Daniel Rudolf
4b3b7df710
Support list items starting with a blank line
...
According to the CommonMark specs ([list items](http://spec.commonmark.org/0.26/#list-items ), rule 3), list items starting with a blank line basically behave like as if the \n doesn't exist. Also see example [#241 ](http://spec.commonmark.org/0.26/#example-241 ).
2016-10-13 19:46:29 +02:00
Daniel Rudolf
30ff5c6e75
Remove unused $placeholder variable
2016-10-13 19:31:35 +02:00
Daniel Rudolf
bdf537e9d5
Fix ordered list start argument
...
See CommonMark spec examples [#226 ](http://spec.commonmark.org/0.26/#example-226 ) to #229
2016-10-13 19:30:50 +02:00
Daniel Rudolf
81025cd468
Revert "Break less previously passed CommonMarkWeak tests"
...
This reverts commit 2db3199510
.
2016-10-13 19:25:43 +02:00
Daniel Rudolf
e691034861
Revert "Prevent failure with data set 77 in CommonMarkWeak"
...
This reverts commit 0a43799da4
.
2016-10-13 19:25:37 +02:00
Daniel Rudolf
eb853da92a
Revert "Prevent breaking remaining previously compliant CommonMarkWeak tests"
...
This reverts commit 6973302ca8
.
2016-10-13 19:25:30 +02:00