1
0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Commit Graph

84 Commits

Author SHA1 Message Date
Aidan Woods
913e04782f
Add failing test cases to be fixed 2018-03-25 22:50:16 +01:00
Aidan Woods
624a08b7eb
Update commment 2018-03-15 19:55:33 +00:00
Aidan Woods
3fc54bc966
Allow extension to "vouch" for raw HTML they produce
Rename "unsafeHtml" to "rawHtml"
2018-03-15 19:46:03 +00:00
Aidan Woods
ef7ed7b66c
Still grab the text if safe mode enabled, but output it escaped 2018-03-15 11:09:55 +00:00
Aidan Woods
e4c5be026d
Further attempt to dissuade this feature's use 2018-03-15 11:00:03 +00:00
Aidan Woods
e6444bb57e
Add unsafeHtml option for extensions to use on trusted input 2018-03-15 10:48:38 +00:00
Aidan Woods
f70d96479a
Add test case for email surrounded by tags 2018-03-09 16:48:32 +00:00
Hari KT
e2f3961f80 Add test case to make sure issue 232 no longer exists 2018-02-28 23:25:38 +05:30
Aidan Woods
e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
Aidan Woods
48a053fe29
Merge pull request #423 from PhrozenByte/bugfix/CommonMarkTest
Fix CommonMark test
2018-02-28 17:05:24 +00:00
Aidan Woods
5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
Loose lists
2018-02-28 17:05:00 +00:00
Emanuil Rusev
6678d59be4
Merge pull request #495 from aidantwoods/anti-xss
Prevent various XSS attacks [rebase and update of #276]
2018-02-28 13:41:37 +02:00
Aidan Woods
722b776684
Test multiple multiline lists 2018-01-29 14:38:19 +01:00
Aidan Woods
7fd92a8fbd
update tests 2018-01-29 14:38:19 +01:00
Daniel Rudolf
03e1a6ac02
Merge branch 'master' into bugfix/CommonMarkTest
Conflicts:
	.travis.yml
	test/CommonMarkTest.php
	test/ParsedownTest.php
	test/bootstrap.php
2017-11-14 22:09:25 +01:00
Gabriel Caruso
691e36b1f2 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
Aidan Woods
4404201175
Properly support fenced code block infostring
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
Aidan Woods
67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Aidan Woods
b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods
054ba3c487
urlencode urls that are potentially unsafe:
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
Aidan Woods
af04ac92e2
add xss tests 2017-05-01 03:33:49 +01:00
Emanuil Rusev
4367f89a74 attempt to fix failing builds on 5.3 2017-03-29 19:30:24 +03:00
Emanuil Rusev
0a09d5ad45 update tests to reflect changes in phpunit 6.0 2017-03-23 20:21:18 +02:00
gene_sis
48351504de adjust two regex pattern within inlineLink() to reduce backtracking
add test with base64 image
2017-01-07 00:45:38 +01:00
Yoan Blanc
bc21988fe5
Fix include from ParsedownTest
I wasn't able to run all the tests from ParsedownExtra because of it.
2016-11-02 09:27:35 +01:00
Daniel Rudolf
a9f696f7bb
Improve CommonMark spec example regex
CommonMark spec example [#170](http://spec.commonmark.org/0.26/#example-170) has a empty HTML result.
2016-10-13 22:16:46 +02:00
Daniel Rudolf
2423644d72
Move test/CommonMarkTest.php to test/CommonMarkTestStrict.php
Add parameter `$id` to CommonMark tests
2016-10-12 02:02:55 +02:00
Aidan Woods
932bafe0f0 update test for new feature 2016-10-04 17:43:37 +01:00
Aidan Woods
ac857809ab update test for new feature 2016-10-04 17:41:57 +01:00
Aidan Woods
c145a75848 update test for new feature 2016-10-04 15:44:50 +01:00
Daniel Rudolf
73dbe2fd17
Remove PHPUnit bootstrap in favour of composer 2016-09-05 22:04:46 +02:00
Daniel Rudolf
33a23fbfb2
Refactor PHPUnit bootstrap
This allows Parsedown extensions (like Parsedown Extra) to reuse existing Parsedown tests. See erusev/parsedown-extra#96 for details.
2016-09-05 21:10:23 +02:00
Daniel Rudolf
228d5f4754
Improve test/CommonMarkTestWeak.php 2016-09-05 15:31:07 +02:00
Daniel Rudolf
2cacfb8da4
Improve test/CommonMarkTestWeak.php 2016-09-05 15:17:52 +02:00
Daniel Rudolf
d33e736fa3
Add test/CommonMarkTestWeak.php 2016-09-05 14:38:47 +02:00
Daniel Rudolf
3a46a31e09
Fix test/CommonMarkTest.php example regex 2016-09-05 14:37:34 +02:00
Daniel Rudolf
e1bcc1c472
Fix test/CommonMarkTest.php 2016-09-05 04:51:28 +02:00
Haralan Dobrev
5f40cab3e7 Use late static binding for Parsedown::instance()
Fixes erusev/parsedown-extra#67.

This introduces PHP 5.3+ late static binding to the Singleton pattern in Parsedown.
It will return an instance of Parsedown which inherits the class which
called the `instance()` method rather than always returning instance of just `Parsedown`.

Tests are testing this feature with a test class which inherits from Parsedown.
Notice that calling `instance()` with the default arguments after an instance of
`Parsedown` was already created, it will return it even though it is from just
an instance of `Parsedown`. So this is fixing the problem just partially.
2015-08-13 13:29:33 +03:00
Jeff Standen
b828fe7c8d Fixes #283 2015-02-03 13:58:47 -08:00
Emanuil Rusev
ffd9d3b407 improve tests 2015-01-24 14:37:40 +02:00
Emanuil Rusev
e94ecf4adc resolve #277 2015-01-24 14:21:55 +02:00
Emanuil Rusev
4d3079b908 resolve #274 2015-01-24 14:03:05 +02:00
Emanuil Rusev
b4a8eb3315 resolve #156 2015-01-16 00:04:18 +02:00
Emanuil Rusev
a06cdfb814 improve fix for #184 2015-01-15 21:32:18 +02:00
Emanuil Rusev
6bee326c92 resolve #184 2015-01-15 21:10:09 +02:00
Emanuil Rusev
9ed72ccd09 resolve #126 2015-01-15 02:24:39 +02:00
Emanuil Rusev
859b1b10c1 update tests 2015-01-12 02:57:20 +02:00
Emanuil Rusev
06135cd75a improve CommonMark compliance 2015-01-10 02:45:51 +02:00
Emanuil Rusev
7d3af6bf83 update commonmark test 2015-01-09 00:08:14 +02:00
Emanuil Rusev
38cc1ca7e0 resolve #251 2014-12-16 13:58:33 +02:00