1
0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Commit Graph

443 Commits

Author SHA1 Message Date
Aidan Woods
e6444bb57e
Add unsafeHtml option for extensions to use on trusted input 2018-03-15 10:48:38 +00:00
Aidan Woods
a3265e7c6f
Merge pull request #511 from aidantwoods/feature/null-name-element
Allow element to have no name
2018-03-15 09:41:16 +00:00
Aidan Woods
6830c3339f
Readability
Thanks @PhrozenByte for the suggestion :)
2018-03-09 17:38:41 +00:00
Aidan Woods
19f1bb9353
Disable backtracking where the regex doesn't need it 2018-03-09 17:06:14 +00:00
Aidan Woods
721b885dd3
Fix #565 by validating email as defined in commonmark spec 2018-03-09 17:05:42 +00:00
Luiz Paulo "Bills
9857334186
bump version 2018-03-07 22:04:55 -03:00
Luiz Paulo "Bills
ae7e8e5067
bump version 2018-03-07 21:51:35 -03:00
Aidan Woods
72d30d33bc
allow element to have no name 2018-03-01 01:17:32 +00:00
Aidan Woods
e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
Aidan Woods
c192001a7e
Merge pull request #433 from aidantwoods/patch-3
Fix Issue #358 – preventing double nested links
2018-02-28 17:05:58 +00:00
Aidan Woods
5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
Loose lists
2018-02-28 17:05:00 +00:00
Emanuil Rusev
6678d59be4
Merge pull request #495 from aidantwoods/anti-xss
Prevent various XSS attacks [rebase and update of #276]
2018-02-28 13:41:37 +02:00
Aidan Woods
0e1043a8d6
consistent li items for loose list 2018-01-29 14:38:19 +01:00
Emanuil Rusev
296ebf0e60
Merge pull request #429 from pablotheissen/patch-1
Support html tags containing dashes
2017-11-19 11:15:43 +02:00
Aidan Woods
4404201175
Properly support fenced code block infostring
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
Aidan Woods
6a4afac0d0
remove ability for htmlblock to allow paragraph after if it closes on the same line 2017-06-22 00:02:03 +01:00
Aidan Woods
67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Aidan Woods
bbb7687f31
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create) 2017-05-09 19:31:36 +01:00
Aidan Woods
b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods
c63b690a79
remove duplicates 2017-05-09 14:50:15 +01:00
Aidan Woods
226f636360
remove $safe flag 2017-05-07 13:45:59 +01:00
Aidan Woods
2e4afde68d
faster check substr at beginning of string 2017-05-06 16:32:51 +01:00
Aidan Woods
dc30cb441c
add more protocols to the whitelist 2017-05-05 21:32:27 +01:00
Aidan Woods
054ba3c487
urlencode urls that are potentially unsafe:
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
Aidan Woods
4bae1c9834
whitelist regex for good attribute (no
no chars that could form a delimiter allowed
2017-05-03 00:39:01 +01:00
Aidan Woods
aee3963e6b
jpeg, not jpg 2017-05-02 19:55:03 +01:00
Aidan Woods
4dc98b635d
whitelist changes:
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
  "data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
Aidan Woods
e4bb12329e
array_keys is probably faster 2017-05-02 01:32:24 +01:00
Aidan Woods
6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely 2017-05-02 00:48:48 +01:00
Aidan Woods
131ba75851
filter onevent attributes 2017-05-01 15:44:04 +01:00
Aidan Woods
6bb66db00f
anti-xss
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
2017-05-01 03:25:07 +01:00
naNuke
b3d45c4bb9 Add html escaping to all attributes capable of holding user input. 2017-05-01 02:00:38 +01:00
naNuke
1d4296f34d Customizable whitelist of schemas for safeLinks 2017-05-01 01:58:34 +01:00
naNuke
bf5105cb1a Improve safeLinks with whitelist. 2017-05-01 01:58:34 +01:00
naNuke
1140613fc7 Prevent various XSS attacks 2017-05-01 01:58:34 +01:00
Aidan Woods
d7956e3ade
blockmarkup ends on interrupt by newline (CommonMark compliance) 2017-03-29 18:25:56 +01:00
Emanuil Rusev
1bf24f7334 add kbd to text-level elements 2017-03-29 19:04:15 +03:00
Marek Skiba
7081afe8cb Removed double semicolon 2017-03-02 12:43:51 +01:00
Aidan Woods
0172d779d7 Trim surrounding whitespace from URL in inlineLink
Fixes https://github.com/erusev/parsedown-extra/issues/103
2017-01-21 11:06:41 +00:00
gene_sis
48351504de adjust two regex pattern within inlineLink() to reduce backtracking
add test with base64 image
2017-01-07 00:45:38 +01:00
Daniel Rudolf
a3836b1853
Handle subsequent list items which aren't indented sufficiently
Subsequent list items which aren't indented sufficiently are treated as part of the original list, see CommonMark spec example [#256](http://spec.commonmark.org/0.26/#example-256).
2016-10-13 20:44:02 +02:00
Daniel Rudolf
a9e1163c85
Fix code formatting 2016-10-13 19:52:38 +02:00
Daniel Rudolf
7b1529fff0
Use the list marker width to determine whether a list item is continued
This basically represents [list item parsing](http://spec.commonmark.org/0.26/#list-items), rule 1 of the CommonMark specs.
2016-10-13 19:51:32 +02:00
Daniel Rudolf
1d61f90bf9
Support list items starting with indented code 2016-10-13 19:47:06 +02:00
Daniel Rudolf
4b3b7df710
Support list items starting with a blank line
According to the CommonMark specs ([list items](http://spec.commonmark.org/0.26/#list-items), rule 3), list items starting with a blank line basically behave like as if the \n doesn't exist. Also see example [#241](http://spec.commonmark.org/0.26/#example-241).
2016-10-13 19:46:29 +02:00
Daniel Rudolf
30ff5c6e75
Remove unused $placeholder variable 2016-10-13 19:31:35 +02:00
Daniel Rudolf
bdf537e9d5
Fix ordered list start argument
See CommonMark spec examples [#226](http://spec.commonmark.org/0.26/#example-226) to #229
2016-10-13 19:30:50 +02:00
Daniel Rudolf
81025cd468
Revert "Break less previously passed CommonMarkWeak tests"
This reverts commit 2db3199510.
2016-10-13 19:25:43 +02:00
Daniel Rudolf
e691034861
Revert "Prevent failure with data set 77 in CommonMarkWeak"
This reverts commit 0a43799da4.
2016-10-13 19:25:37 +02:00
Daniel Rudolf
eb853da92a
Revert "Prevent breaking remaining previously compliant CommonMarkWeak tests"
This reverts commit 6973302ca8.
2016-10-13 19:25:30 +02:00
Aidan Woods
6973302ca8 Prevent breaking remaining previously compliant CommonMarkWeak tests 2016-10-13 15:55:13 +01:00
Aidan Woods
0a43799da4 Prevent failure with data set 77 in CommonMarkWeak 2016-10-13 14:29:52 +01:00
Aidan Woods
2db3199510 Break less previously passed CommonMarkWeak tests 2016-10-12 18:10:44 +01:00
Aidan Woods
d26b33c20f Add ) as an ordered list marker
Also added marker check to ordered list case when deciding to continue the current list
2016-10-11 19:18:43 +01:00
Aidan Woods
0bd61a73ed Check that the current line is a list before starting a new one 2016-10-11 13:48:38 +01:00
Aidan Woods
06c4344a71 Contextual limits on indentation stripping 2016-10-11 13:38:47 +01:00
Aidan Woods
c4d4a6800d (beginning to) improve commonmark compliance:lists
These changes aren't fit for merge, nor do they work correctly (yet)
2016-10-11 12:05:33 +01:00
Aidan Woods
3aef89b399 Line handler may prevent specified element nesting
Swap `under_scores` for `camelCasing`
2016-10-08 17:54:04 +01:00
Aidan Woods
5c22531e4d Allow parsedown to specify list start attribute
Syntax preferences
2016-10-05 18:27:54 +01:00
Aidan Woods
3978e33fd0 Allow parsedown to specify list start attribute
Remove github added tabs on blank lines
2016-10-05 18:17:12 +01:00
Aidan Woods
a37797ef34 Allow parsedown to specify list start attribute
Syntax preferences to match surrounding code
2016-10-05 18:15:47 +01:00
Aidan Woods
e3cd271f16 Allow parsedown to specify list start attribute
Performance: Swap preg_replace for stristr to obtain list start
2016-10-05 15:44:34 +01:00
Aidan Woods
f0b7b61c16 Allow parsedown to specify list start attribute
Should fix compatibility for PHP 5.3
2016-10-05 11:36:27 +01:00
Aidan Woods
ed41fcf3d6 Allow parsedown to specify list start attribute
oops
2016-10-05 10:06:40 +01:00
Aidan Woods
1fa8fae301 Allow parsedown to specify list start attribute
Readability improvements
2016-10-05 10:03:21 +01:00
Aidan Woods
543a6c4175 Line handler may prevent specified element nesting
Check if array is empty to shave some performance hits in the case than no non nestables are present.
2016-10-04 18:59:36 +01:00
Aidan Woods
a81aedeb10 Line handler may prevent specified element nesting
Removed granularity controls – elements are assumed to be non nestable indefinitely once declared.
2016-10-04 15:27:11 +01:00
Aidan Woods
50952b3243 Line handler may prevent specified element nesting
This commit serves to add comments detailing parts of the new functionality, and to adjust syntax preferences to match that of the surrounding document. The commit title also now reflects the most significant change made.
2016-10-02 18:26:13 +01:00
Aidan Woods
4d3600f273 Extend disallowed assertion depth capabilities
I've built on the functionality of feature 1. in the previous commit to allow non nestables to be asserted indefinitely, or to a specified depth.
2016-10-02 17:37:08 +01:00
Aidan Woods
d6d5f53ff4 Fix Issue #358 – preventing double nested links
1. Add the ability for a parsed element to enforce that the line handler not parse any (immediate) child elements of a specified type.
2. Use 1. to allow parsed Url elements to tell the line handler not to parse any child Links or Urls where they are immediate children.
2016-10-01 15:56:14 +01:00
Aidan Woods
f17aa0438a Update Parsedown.php 2016-09-27 02:15:35 +01:00
Aidan Woods
38f4027d5e Update Parsedown.php
Okay, so maybe I should have looked 20 lines or so above where I made the edit in the element function – looks like it already supports adding attributes ;p
Have amended the change to blocklist to use the already existing functionality, and have reverted the change that I made to the element function.
2016-09-27 02:15:09 +01:00
Aidan Woods
2cee8d8a2d Update Parsedown.php
Looks like I might need to return the pattern which was used previously
Reverting last change as build still failed

This build will still fail, but I'm hoping it will only fair where the list start value has been inserted
2016-09-27 01:23:22 +01:00
Aidan Woods
cceefafd55 test
Attempting to determine which function change is causing test jobs to fail (in unexpected ways)
2016-09-27 01:16:00 +01:00
Aidan Woods
1c58e9d8d5 oops
oops
2016-09-27 00:57:57 +01:00
Aidan Woods
2772b034c6 Update Parsedown.php
(I think this should work)
Allow parsedown to specify list start attribute (see: https://github.com/erusev/parsedown/issues/100#issuecomment-249729602)
2016-09-27 00:53:51 +01:00
pablotheissen
1a44cbd62c Update Parsedown.php
Made parsedown compatible with html-tags containing dashes.
see https://github.com/erusev/parsedown/issues/407#issuecomment-248833563
2016-09-22 12:21:39 +02:00
Emanuil Rusev
490a8f35a4 remove incompatible comment 2016-03-09 19:02:39 +02:00
Andy Miller
e7443a2bd8 Fixed really sorry spelling errors 2015-12-18 20:45:14 -07:00
Andy Miller
10a7ff776c Left as-is 2015-12-17 10:48:21 -07:00
Andy Miller
5ad15b87fa Break out method_exists checks into extendable methods to allow for better pluggability 2015-12-17 10:46:44 -07:00
Andy Miller
b166cab9a2 Make lines protected to allow for extendability 2015-12-17 10:46:04 -07:00
Jesse Donat
e603c2378d Parsedown library shouldn't be executable 2015-10-20 15:16:36 -05:00
Emanuil Rusev
3ebbd730b5 1.6.0 2015-10-04 19:44:32 +03:00
Emanuil Rusev
fa005fdb95 Merge pull request #336 from hkdobrev/late-static-binding
Use late static binding for Parsedown::instance()
2015-08-13 15:16:23 +03:00
Haralan Dobrev
5f40cab3e7 Use late static binding for Parsedown::instance()
Fixes erusev/parsedown-extra#67.

This introduces PHP 5.3+ late static binding to the Singleton pattern in Parsedown.
It will return an instance of Parsedown which inherits the class which
called the `instance()` method rather than always returning instance of just `Parsedown`.

Tests are testing this feature with a test class which inherits from Parsedown.
Notice that calling `instance()` with the default arguments after an instance of
`Parsedown` was already created, it will return it even though it is from just
an instance of `Parsedown`. So this is fixing the problem just partially.
2015-08-13 13:29:33 +03:00
Emanuil Rusev
0e89e3714b 1.5.4 2015-08-03 12:24:05 +03:00
Emanuil Rusev
6b24125f06 clean up 2015-07-31 17:01:14 +03:00
Emanuil Rusev
a589bcac79 resolve #342 2015-07-31 01:33:21 +03:00
Emanuil Rusev
a9dfc97ddc opening code fence doesn't need 2 regex groups 2015-07-16 16:57:13 +03:00
Emanuil Rusev
ba802c1c8d replace the term "incomplete" 2015-07-02 01:01:14 +03:00
Emanuil Rusev
438874e9a8 improve line 2015-06-25 01:05:05 +03:00
Emanuil Rusev
e2bb3eaaf8 clean up 2015-06-15 12:28:35 +03:00
Emanuil Rusev
b9e5228e92 version 1.5.3 2015-04-29 23:22:24 +03:00
Gareth Evans
6736ba9a04 Fix check against $matches
Fixes inline reference links with int 0 as reference

The link [link][0] where [0] is set at the bottom of the md file current breaks and it's truthy value is false.
2015-04-20 16:24:11 +01:00
Jeff Standen
b828fe7c8d Fixes #283 2015-02-03 13:58:47 -08:00
Niklas Keller
cb8cc57742 Fixes #279 2015-02-02 00:58:24 +01:00
Emanuil Rusev
9da19c1108 version 1.5.1 2015-01-24 15:01:47 +02:00
Emanuil Rusev
e94ecf4adc resolve #277 2015-01-24 14:21:55 +02:00
Emanuil Rusev
4d3079b908 resolve #274 2015-01-24 14:03:05 +02:00
Emanuil Rusev
648419467a clean up 2015-01-21 01:32:20 +02:00
Emanuil Rusev
6ddb6b2b33 resolve #90 2015-01-19 17:11:13 +02:00
Emanuil Rusev
0008e69a83 clean up 2015-01-19 17:09:51 +02:00
Emanuil Rusev
c664785485 inline methods should be able to handle unmarked inline elements 2015-01-19 17:05:10 +02:00
Emanuil Rusev
bdf0ef024e setter variables should not be private 2015-01-18 19:38:57 +02:00
Emanuil Rusev
21a3e8790a no need for a separate method for every special character 2015-01-16 03:57:47 +02:00
Emanuil Rusev
e5e8d02934 improve order of methods 2015-01-16 03:18:07 +02:00
Emanuil Rusev
7ff0f97811 improve performance 2015-01-16 02:59:51 +02:00
Emanuil Rusev
596350d1f5 improve names of elements 2015-01-16 02:49:55 +02:00
Emanuil Rusev
2cbd3010e4 url elements should not be restricted to http 2015-01-16 02:31:58 +02:00
Emanuil Rusev
3b4aa6bff7 change the parsing order of tag elements to improve performance 2015-01-16 01:46:43 +02:00
Emanuil Rusev
05a8f16e95 improve CommonMark compliance 2015-01-16 01:44:35 +02:00
Emanuil Rusev
79d924040a improve CommonMark compliance 2015-01-16 01:24:02 +02:00
Emanuil Rusev
b4a8eb3315 resolve #156 2015-01-16 00:04:18 +02:00
Emanuil Rusev
4383cce85b resolve #143 2015-01-15 22:31:31 +02:00
Emanuil Rusev
ada39109e4 resolve #189 2015-01-15 22:04:02 +02:00
Emanuil Rusev
a06cdfb814 improve fix for #184 2015-01-15 21:32:18 +02:00
Emanuil Rusev
6bee326c92 resolve #184 2015-01-15 21:10:09 +02:00
Emanuil Rusev
f08d017bcb resolve #196 2015-01-15 02:45:45 +02:00
Emanuil Rusev
e61a6114b0 resolve #175 2015-01-15 02:37:20 +02:00
Emanuil Rusev
9ed72ccd09 resolve #126 2015-01-15 02:24:39 +02:00
Emanuil Rusev
09e1184d9f resolve #265 2015-01-15 00:56:12 +02:00
Emanuil Rusev
0d28808392 void markup blocks be marked 2015-01-12 23:24:13 +02:00
Emanuil Rusev
78960cf792 improve formatting 2015-01-12 18:53:24 +02:00
Emanuil Rusev
8f2e9c7cf6 definitions are blocks
in the old implementation it wasn’t possible to have multiline
definitions
2015-01-12 18:52:17 +02:00
Emanuil Rusev
3eb6d349f0 "src" and "alt" attributes should come first 2015-01-12 02:58:08 +02:00
Emanuil Rusev
08b01a1a29 blocks should be able to return markup 2015-01-12 02:55:00 +02:00
Emanuil Rusev
1686b2fbff we no longer call inline elements spans 2015-01-12 02:55:00 +02:00
Emanuil Rusev
15a32fcd0e no need to know the structure of markup blocks 2015-01-12 02:55:00 +02:00
Emanuil Rusev
9f58363e4b Merge pull request #260 from rhukster/master
Fix for Parsedown stripping classes on images supported by ParsedownExtra
2015-01-11 14:50:08 +02:00
naNuke
05bf198d26 breaksEnabled fix 2015-01-11 06:12:01 +01:00
Andy Miller
30234a58fa No longer needed in this solution 2015-01-10 19:44:30 -07:00
Andy Miller
03ff22c7df Attempted fix for stripped classes on images with ParsedownExtra - re: https://github.com/erusev/parsedown-extra/issues/32 2015-01-10 19:40:39 -07:00
Emanuil Rusev
e68a458105 improve consistency 2015-01-10 14:22:54 +02:00
Emanuil Rusev
06135cd75a improve CommonMark compliance 2015-01-10 02:45:51 +02:00
Emanuil Rusev
dfacf7a71a add urlsLinked setter 2015-01-08 16:13:55 +02:00
Emanuil Rusev
fd0d8125e7 introduce more structure to parsing of unmarked inlines 2015-01-08 15:19:43 +02:00
Emanuil Rusev
b1be886d65 improve names of protected members 2015-01-05 15:05:18 +02:00
Emanuil Rusev
19bc6a7083 update variable names to match updated member names 2015-01-05 14:22:06 +02:00
Emanuil Rusev
b5efe98e2f improve names of protected members 2015-01-05 14:22:06 +02:00
Emanuil Rusev
5639ef7d69 fix PHPDoc 2015-01-05 14:22:06 +02:00
Emanuil Rusev
d29d879ec6 separate parsing of inlines that don't have markers to improve simplicity 2015-01-04 18:37:24 +02:00
Emanuil Rusev
c9b4de3c9d resolve #253 2014-12-21 13:51:16 +02:00
Emanuil Rusev
38cc1ca7e0 resolve #251 2014-12-16 13:58:33 +02:00
Emanuil Rusev
23c4097fde restore support for PHP 5.2 2014-12-15 13:59:37 +02:00
Emanuil Rusev
ac68800717 improve extensibility 2014-12-15 01:07:29 +02:00
Emanuil Rusev
361febf7c6 improve CommonMark compliance 2014-12-15 00:52:03 +02:00
Emanuil Rusev
7ab3c60a77 improve CommonMark compliance 2014-12-02 22:23:43 +02:00
Emanuil Rusev
495e7ac73b resolve #247 2014-11-29 04:29:14 +02:00
Emanuil Rusev
5bc6d90f8b resolve #248 2014-11-28 14:03:12 +02:00