Commit Graph

606 Commits

Author SHA1 Message Date
Daniel Rudolf fa89f0d743
Add mbstring dependency to composer.json 2018-02-28 20:42:25 +01:00
Aidan Woods d638fd8a25
Merge pull request #560 from PhrozenByte/patch-2
Travis: Issue build error when Parsedown::version isn't up-to-date
2018-02-28 19:09:57 +00:00
Daniel Rudolf cc53d5ae29
Travis: Issue build error when Parsedown::version isn't up-to-date 2018-02-28 20:04:45 +01:00
Aidan Woods 45f40696f6
Merge pull request #559 from PhrozenByte/patch-1
Update "Who uses it"
2018-02-28 18:07:37 +00:00
Aidan Woods e8f3d4efc0
Merge pull request #558 from harikt/issue-232
Add test case to make sure issue 232 no longer exists
2018-02-28 18:02:14 +00:00
Daniel Rudolf 096e164756
Update README.md
Sort "Who uses it" alphabetically, add Laravel + Pico
2018-02-28 18:59:34 +01:00
Hari KT e2f3961f80 Add test case to make sure issue 232 no longer exists 2018-02-28 23:25:38 +05:30
Aidan Woods e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
Aidan Woods c192001a7e
Merge pull request #433 from aidantwoods/patch-3
Fix Issue #358 – preventing double nested links
2018-02-28 17:05:58 +00:00
Aidan Woods 48a053fe29
Merge pull request #423 from PhrozenByte/bugfix/CommonMarkTest
Fix CommonMark test
2018-02-28 17:05:24 +00:00
Aidan Woods 5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
Loose lists
2018-02-28 17:05:00 +00:00
Emanuil Rusev 6678d59be4
Merge pull request #495 from aidantwoods/anti-xss
Prevent various XSS attacks [rebase and update of #276]
2018-02-28 13:41:37 +02:00
Emanuil Rusev c999a4b61b
improve readme 2018-01-29 20:55:30 +02:00
Emanuil Rusev e938ab4ffe
improve readme 2018-01-29 20:54:40 +02:00
Emanuil Rusev e69374af0d
improve readme 2018-01-29 20:52:27 +02:00
Aidan Woods 722b776684
Test multiple multiline lists 2018-01-29 14:38:19 +01:00
Aidan Woods 7fd92a8fbd
update tests 2018-01-29 14:38:19 +01:00
Aidan Woods 0e1043a8d6
consistent li items for loose list 2018-01-29 14:38:19 +01:00
Emanuil Rusev 1196ed9512
Merge pull request #548 from m1guelpf-forks/patch-1
Update license year
2018-01-01 18:48:54 +02:00
Miguel Piedrafita 1244122b84
Update LICENSE.txt 2018-01-01 14:09:31 +01:00
Miguel Piedrafita d98d60aaf3
Update license year 2017-12-31 22:10:48 +01:00
Emanuil Rusev 296ebf0e60
Merge pull request #429 from pablotheissen/patch-1
Support html tags containing dashes
2017-11-19 11:15:43 +02:00
Emanuil Rusev a60ba300b1
Merge pull request #540 from jbafford/patch-1
Fix typo in README
2017-11-15 10:31:22 +02:00
John Bafford 089789dfff
Fix typo in README 2017-11-14 17:13:31 -05:00
Daniel Rudolf 03e1a6ac02
Merge branch 'master' into bugfix/CommonMarkTest
Conflicts:
	.travis.yml
	test/CommonMarkTest.php
	test/ParsedownTest.php
	test/bootstrap.php
2017-11-14 22:09:25 +01:00
Emanuil Rusev fbe3fe878f
Merge pull request #539 from gabriel-caruso/phpunit
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-14 22:44:03 +02:00
Gabriel Caruso 09827f542c Rewrite Travis CI 2017-11-14 15:19:24 -02:00
Gabriel Caruso 70ef6f5521 Make Travis CI use installed PHPUnit version, not global one 2017-11-14 13:21:11 -02:00
Gabriel Caruso 691e36b1f2 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
Emanuil Rusev af6affdc2c
improve readme 2017-11-06 16:54:00 +02:00
Emanuil Rusev 9cf41f27ab improve readme 2017-10-22 16:01:34 +03:00
Emanuil Rusev 16aadff2ed improve readme 2017-10-22 16:00:43 +03:00
Emanuil Rusev 07c937583d improve readme 2017-10-22 15:57:58 +03:00
Aidan Woods 4404201175
Properly support fenced code block infostring
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
Emanuil Rusev 728952b90a Merge pull request #499 from aidantwoods/fix/hhvm
Fix hhvm build failure
2017-05-14 17:47:48 +03:00
Aidan Woods c82af01bd6
add sudo false 2017-05-14 14:39:09 +01:00
Aidan Woods 67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax; other methods of achieving the colon character (as to browser interpretation) should be taken care of by the HTML encoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Emanuil Rusev 593ffd45a3 Merge pull request #406 from adrilo/patch-1
Create .gitattributes
2017-05-10 12:28:53 +03:00
Aidan Woods bbb7687f31
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create) 2017-05-09 19:31:36 +01:00
Aidan Woods b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods c63b690a79
remove duplicates 2017-05-09 14:50:15 +01:00
Aidan Woods 226f636360
remove $safe flag 2017-05-07 13:45:59 +01:00
Aidan Woods 2e4afde68d
faster check substr at beginning of string 2017-05-06 16:32:51 +01:00
Aidan Woods dc30cb441c
add more protocols to the whitelist 2017-05-05 21:32:27 +01:00
Emanuil Rusev f76b10aaab update readme 2017-05-04 10:28:55 +03:00
Aidan Woods 054ba3c487
urlencode urls that are potentially unsafe:
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript&#58;alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `&#58;`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
Aidan Woods 4bae1c9834
whitelist regex for good attribute (no
no chars that could form a delimiter allowed
2017-05-03 00:39:01 +01:00
Aidan Woods aee3963e6b
jpeg, not jpg 2017-05-02 19:55:03 +01:00
Aidan Woods 4dc98b635d
whitelist changes:
* add gif and jpg as allowed data images
* ensure that user controlled content falls only in the "data section" of the data URI (and does not intersect the content-type definition in any way (best to be safe than sorry ;-)))
  "data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
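The link-destination strategy described in commits 67c3efbea0, b1e5aebaf6, 054ba3c487 and 4dc98b635d above (a prefix whitelist; percent-encoding of `:` and `;` for anything not on it instead of trying to recognise a scheme; `data:` entries that pin the whole media type so user input can only land in the RFC 2397 data section; HTML encoding of attribute values regardless of mode), written out as a stand-alone PHP sketch. This is an added example, not Parsedown's code: the function names `safePrefixes`, `isSafeUrlPrefix`, `sanitiseUrl` and `hrefAttribute`, the exact whitelist contents and the sample inputs are assumptions.

```php
<?php
// Added example, not Parsedown's own code. Function names and the exact
// whitelist below are assumptions made for illustration.

// Whitelisted prefixes. Each data: entry pins the media type and ";base64,"
// literally, so the only user-controlled part is the RFC 2397 "data" section;
// "data:text/html;base64,..." or an injected ";charset=..." never matches.
function safePrefixes()
{
    return array(
        'http://',
        'https://',
        'ftp://',
        'mailto:',
        'data:image/png;base64,',
        'data:image/gif;base64,',
        'data:image/jpeg;base64,',
    );
}

// Case-insensitive "starts with": the prefix must match byte for byte.
function isSafeUrlPrefix($url, $prefix)
{
    return strncasecmp($url, $prefix, strlen($prefix)) === 0;
}

// Sanitise a Markdown link/image destination before it becomes an href/src.
// Per RFC 3986 section 3 a scheme needs a literal ':' after it, so encoding
// every ':' (and ';', the terminator an entity such as &#58; would need)
// leaves nothing for a browser to parse as a scheme. Obfuscations such as
// "jav\ta\0\0script:" therefore need no special handling: they lose their
// colon like any other unknown scheme. Relative URLs survive, because %3A
// and %3B mean the same as ':' and ';' inside a path or query.
function sanitiseUrl($url)
{
    foreach (safePrefixes() as $prefix) {
        if (isSafeUrlPrefix($url, $prefix)) {
            return $url;
        }
    }
    return str_replace(array(':', ';'), array('%3A', '%3B'), $url);
}

// Build the final attribute. Context-appropriate HTML encoding is applied
// whether or not the URL was rewritten, so quotes and '&' cannot break out of
// the attribute or reassemble an entity.
function hrefAttribute($url)
{
    return 'href="' . htmlspecialchars(sanitiseUrl($url), ENT_QUOTES, 'UTF-8') . '"';
}

// Constructed inputs (not taken from the page) covering each case the commits describe.
$cases = array(
    'https://example.com/a:b',            // whitelisted scheme: untouched
    '/docs/page;v=2?t=10:30',             // relative: ':' and ';' percent-encoded, still valid
    'javascript:alert(1)',                // unknown scheme: colon encoded, no longer a scheme
    "jav\ta\0\0script:alert(1)",          // browser-tolerated junk: still loses its colon
    'JaVaScRiPt:alert(1)',                // case games: same result
    'data:text/html;base64,PHNjcmlwdD4=', // data: with a non-image type: rewritten
    'data:image/png;base64,iVBORw0KGgo=', // exact image prefix: allowed
);

foreach ($cases as $case) {
    // Control characters are escaped for display only; the attribute itself is unchanged.
    echo str_pad(addcslashes($case, "\0..\37"), 40), ' => ',
         addcslashes(hrefAttribute($case), "\0..\37"), "\n";
}
```

The whitelist check runs before any rewriting, which is why the `data:` prefixes must be as specific as they are: a looser entry such as `data:image/` would let user input reach the parameter list of the media type, which is exactly the intersection commit 4dc98b635d rules out.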
Aidan Woods e4bb12329e
array_keys is probably faster 2017-05-02 01:32:24 +01:00