f70d96479a
Add test case for email surrounded by tags
2018-03-09 16:48:32 +00:00
e2f3961f80
Add test case to make sure issue 232 no longer exists
2018-02-28 23:25:38 +05:30
e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
...
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
...
Loose lists
2018-02-28 17:05:00 +00:00
722b776684
Test multiple multiline lists
2018-01-29 14:38:19 +01:00
7fd92a8fbd
update tests
2018-01-29 14:38:19 +01:00
4404201175
Properly support fenced code block infostring
...
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content
2017-05-10 16:57:18 +01:00
b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch
2017-05-09 19:22:58 +01:00
054ba3c487
urlencode urls that are potentially unsafe:
...
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)
this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
af04ac92e2
add xss tests
2017-05-01 03:33:49 +01:00
48351504de
adjust two regex pattern within inlineLink() to reduce backtracking
...
add test with base64 image
2017-01-07 00:45:38 +01:00
932bafe0f0
update test for new feature
2016-10-04 17:43:37 +01:00
ac857809ab
update test for new feature
2016-10-04 17:41:57 +01:00
c145a75848
update test for new feature
2016-10-04 15:44:50 +01:00
b828fe7c8d
Fixes #283
2015-02-03 13:58:47 -08:00
ffd9d3b407
improve tests
2015-01-24 14:37:40 +02:00
e94ecf4adc
resolve #277
2015-01-24 14:21:55 +02:00
4d3079b908
resolve #274
2015-01-24 14:03:05 +02:00
b4a8eb3315
resolve #156
2015-01-16 00:04:18 +02:00
a06cdfb814
improve fix for #184
2015-01-15 21:32:18 +02:00
6bee326c92
resolve #184
2015-01-15 21:10:09 +02:00
9ed72ccd09
resolve #126
2015-01-15 02:24:39 +02:00
859b1b10c1
update tests
2015-01-12 02:57:20 +02:00
06135cd75a
improve CommonMark compliance
2015-01-10 02:45:51 +02:00
38cc1ca7e0
resolve #251
2014-12-16 13:58:33 +02:00
ac68800717
improve extensibility
2014-12-15 01:07:29 +02:00
7ab3c60a77
improve CommonMark compliance
2014-12-02 22:23:43 +02:00
5bc6d90f8b
resolve #248
2014-11-28 14:03:12 +02:00
9816507a75
markup should preserve empty lines
2014-11-19 20:18:56 +02:00
f91e4dece3
improve consistency
2014-09-26 13:06:40 +03:00
512cc1f065
Limit generated headlines to h6
2014-08-25 21:06:03 +02:00
1127681d56
Allow slashes in HTML attributes
2014-08-13 23:54:52 +03:00
d24439ada0
improve test suite
2014-05-21 23:20:46 +03:00
2da10d277b
resolve #105
2014-05-14 13:14:49 +03:00
532b5ede35
resolve #129
2014-05-14 01:11:05 +03:00
4dde57451d
fix consecutive reference links
2014-05-06 17:05:49 +03:00
cc94c1b584
resolve #167
2014-05-02 18:21:10 +03:00
521803cdcd
resolve #136
2014-05-01 02:42:01 +03:00
e373391e7d
resolve #164
2014-05-01 00:29:21 +03:00
9fa415bcc5
resolve #160
2014-04-28 21:54:38 +03:00
37416b5f07
simplify folder name
2014-04-28 21:53:34 +03:00
