mirror of
https://github.com/erusev/parsedown.git
synced 2023-08-10 21:13:06 +03:00
Compare commits
164 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6678d59be4 | |||
| c999a4b61b | |||
| e938ab4ffe | |||
| e69374af0d | |||
| 1196ed9512 | |||
| 1244122b84 | |||
| d98d60aaf3 | |||
| 296ebf0e60 | |||
| a60ba300b1 | |||
| 089789dfff | |||
| fbe3fe878f | |||
| 09827f542c | |||
| 70ef6f5521 | |||
| 691e36b1f2 | |||
| af6affdc2c | |||
| 9cf41f27ab | |||
| 16aadff2ed | |||
| 07c937583d | |||
| 728952b90a | |||
| c82af01bd6 | |||
| 67c3efbea0 | |||
| 593ffd45a3 | |||
| bbb7687f31 | |||
| b1e5aebaf6 | |||
| c63b690a79 | |||
| 226f636360 | |||
| 2e4afde68d | |||
| dc30cb441c | |||
| f76b10aaab | |||
| 054ba3c487 | |||
| 4bae1c9834 | |||
| aee3963e6b | |||
| 4dc98b635d | |||
| e4bb12329e | |||
| 6d0156d707 | |||
| 29ad172261 | |||
| 131ba75851 | |||
| 924b26e16c | |||
| af04ac92e2 | |||
| 6bb66db00f | |||
| b3d45c4bb9 | |||
| 1d4296f34d | |||
| bf5105cb1a | |||
| 1140613fc7 | |||
| 4367f89a74 | |||
| 1bf24f7334 | |||
| 0a09d5ad45 | |||
| 3fc442b078 | |||
| bd0e31a7dd | |||
| dfaf03639a | |||
| 7081afe8cb | |||
| 4b6493999a | |||
| 0172d779d7 | |||
| cc5b38ca39 | |||
| 48351504de | |||
| 20ff8bbb57 | |||
| bc21988fe5 | |||
| e3c3e28554 | |||
| f053740132 | |||
| 7a92a31739 | |||
| 6eca8796fb | |||
| 8876c0984e | |||
| cbc4b3f612 | |||
| 0080ef218e | |||
| f4e0234af0 | |||
| 5c22531e4d | |||
| 3978e33fd0 | |||
| a37797ef34 | |||
| e3cd271f16 | |||
| f0b7b61c16 | |||
| ed41fcf3d6 | |||
| 1fa8fae301 | |||
| 932bafe0f0 | |||
| ac857809ab | |||
| 846274996a | |||
| c145a75848 | |||
| f17aa0438a | |||
| 38f4027d5e | |||
| 2cee8d8a2d | |||
| cceefafd55 | |||
| 1c58e9d8d5 | |||
| 2772b034c6 | |||
| 1a44cbd62c | |||
| a2ed1592bd | |||
| 3d7a473aa9 | |||
| f671ae7364 | |||
| b5951e08c6 | |||
| 490a8f35a4 | |||
| 94688f21cc | |||
| 693f2c4842 | |||
| 9545a295cf | |||
| 3d649081e5 | |||
| 32de2cedcc | |||
| e7443a2bd8 | |||
| 10a7ff776c | |||
| 5ad15b87fa | |||
| b166cab9a2 | |||
| 0f974bf34f | |||
| 3d7cdeec5f | |||
| 97953b193e | |||
| c046a6b646 | |||
| f1fefc257c | |||
| 6f23ec8203 | |||
| 23d4544986 | |||
| 5a4ff5d189 | |||
| 50ac4a06e8 | |||
| 003af26499 | |||
| aa63058a88 | |||
| 15d56cdd27 | |||
| 93d77b0b47 | |||
| c8072a1987 | |||
| b008290917 | |||
| 9928c933d8 | |||
| ddb3bd2107 | |||
| e603c2378d | |||
| 3ebbd730b5 | |||
| 1f02626ed6 | |||
| fa005fdb95 | |||
| 5f40cab3e7 | |||
| 0e89e3714b | |||
| 6b24125f06 | |||
| a589bcac79 | |||
| a9dfc97ddc | |||
| 28774a4359 | |||
| b8b5711ee5 | |||
| 9579e5f5e5 | |||
| 7f7f6418a3 | |||
| ee81967749 | |||
| 96e0810188 | |||
| 99bd1bd678 | |||
| e7a6a06166 | |||
| eca5bb8262 | |||
| 1312908056 | |||
| 76b7d7babd | |||
| ba802c1c8d | |||
| 438874e9a8 | |||
| 8e26f45dee | |||
| e2bb3eaaf8 | |||
| 0de61e7b3a | |||
| 5b72dceb26 | |||
| 95699c9ba6 | |||
| 790066e9a7 | |||
| b9e5228e92 | |||
| 31c8856f53 | |||
| d5823ad622 | |||
| 6736ba9a04 | |||
| 468d1e3da8 | |||
| 7aa1d97bba | |||
| f768f9c63f | |||
| aa83968534 | |||
| 85eadccc05 | |||
| c94fa12d67 | |||
| 11e02d45fa | |||
| ecd53f9add | |||
| 844b2f49ea | |||
| b2ad712644 | |||
| 65116c3cb0 | |||
| 147003107a | |||
| 618b26056c | |||
| b828fe7c8d | |||
| 6c9df528aa | |||
| cb8cc57742 | |||
| 4b7d7cdef2 | |||
| 97e667ab30 |
5
.gitattributes
vendored
Normal file
5
.gitattributes
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
# Ignore all tests for archive
|
||||
/test export-ignore
|
||||
/.gitattributes export-ignore
|
||||
/.travis.yml export-ignore
|
||||
/phpunit.xml.dist export-ignore
|
||||
33
.travis.yml
33
.travis.yml
@ -1,10 +1,27 @@
|
||||
language: php
|
||||
|
||||
php:
|
||||
- 5.6
|
||||
- 5.5
|
||||
- 5.4
|
||||
- 5.3
|
||||
- 5.2
|
||||
- hhvm
|
||||
|
||||
dist: trusty
|
||||
sudo: false
|
||||
|
||||
matrix:
|
||||
include:
|
||||
- php: 5.3
|
||||
dist: precise
|
||||
- php: 5.4
|
||||
- php: 5.5
|
||||
- php: 5.6
|
||||
- php: 7.0
|
||||
- php: 7.1
|
||||
- php: nightly
|
||||
- php: hhvm
|
||||
- php: hhvm-nightly
|
||||
fast_finish: true
|
||||
allow_failures:
|
||||
- php: nightly
|
||||
- php: hhvm-nightly
|
||||
|
||||
before_script:
|
||||
- composer install --prefer-dist --no-interaction --no-progress
|
||||
|
||||
script:
|
||||
- vendor/bin/phpunit
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
The MIT License (MIT)
|
||||
|
||||
Copyright (c) 2013 Emanuil Rusev, erusev.com
|
||||
Copyright (c) 2013-2018 Emanuil Rusev, erusev.com
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
||||
this software and associated documentation files (the "Software"), to deal in
|
||||
@ -17,4 +17,4 @@ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
||||
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
||||
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
||||
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
||||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
233
Parsedown.php
Executable file → Normal file
233
Parsedown.php
Executable file → Normal file
@ -17,7 +17,7 @@ class Parsedown
|
||||
{
|
||||
# ~
|
||||
|
||||
const version = '1.5.1';
|
||||
const version = '1.6.0';
|
||||
|
||||
# ~
|
||||
|
||||
@ -75,6 +75,32 @@ class Parsedown
|
||||
|
||||
protected $urlsLinked = true;
|
||||
|
||||
function setSafeMode($safeMode)
|
||||
{
|
||||
$this->safeMode = (bool) $safeMode;
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
protected $safeMode;
|
||||
|
||||
protected $safeLinksWhitelist = array(
|
||||
'http://',
|
||||
'https://',
|
||||
'ftp://',
|
||||
'ftps://',
|
||||
'mailto:',
|
||||
'data:image/png;base64,',
|
||||
'data:image/gif;base64,',
|
||||
'data:image/jpeg;base64,',
|
||||
'irc:',
|
||||
'ircs:',
|
||||
'git:',
|
||||
'ssh:',
|
||||
'news:',
|
||||
'steam:',
|
||||
);
|
||||
|
||||
#
|
||||
# Lines
|
||||
#
|
||||
@ -107,12 +133,6 @@ class Parsedown
|
||||
|
||||
# ~
|
||||
|
||||
protected $DefinitionTypes = array(
|
||||
'[' => array('Reference'),
|
||||
);
|
||||
|
||||
# ~
|
||||
|
||||
protected $unmarkedBlockTypes = array(
|
||||
'Code',
|
||||
);
|
||||
@ -121,7 +141,7 @@ class Parsedown
|
||||
# Blocks
|
||||
#
|
||||
|
||||
private function lines(array $lines)
|
||||
protected function lines(array $lines)
|
||||
{
|
||||
$CurrentBlock = null;
|
||||
|
||||
@ -169,7 +189,7 @@ class Parsedown
|
||||
|
||||
# ~
|
||||
|
||||
if (isset($CurrentBlock['incomplete']))
|
||||
if (isset($CurrentBlock['continuable']))
|
||||
{
|
||||
$Block = $this->{'block'.$CurrentBlock['type'].'Continue'}($Line, $CurrentBlock);
|
||||
|
||||
@ -181,12 +201,10 @@ class Parsedown
|
||||
}
|
||||
else
|
||||
{
|
||||
if (method_exists($this, 'block'.$CurrentBlock['type'].'Complete'))
|
||||
if ($this->isBlockCompletable($CurrentBlock['type']))
|
||||
{
|
||||
$CurrentBlock = $this->{'block'.$CurrentBlock['type'].'Complete'}($CurrentBlock);
|
||||
}
|
||||
|
||||
unset($CurrentBlock['incomplete']);
|
||||
}
|
||||
}
|
||||
|
||||
@ -224,9 +242,9 @@ class Parsedown
|
||||
$Block['identified'] = true;
|
||||
}
|
||||
|
||||
if (method_exists($this, 'block'.$blockType.'Continue'))
|
||||
if ($this->isBlockContinuable($blockType))
|
||||
{
|
||||
$Block['incomplete'] = true;
|
||||
$Block['continuable'] = true;
|
||||
}
|
||||
|
||||
$CurrentBlock = $Block;
|
||||
@ -253,7 +271,7 @@ class Parsedown
|
||||
|
||||
# ~
|
||||
|
||||
if (isset($CurrentBlock['incomplete']) and method_exists($this, 'block'.$CurrentBlock['type'].'Complete'))
|
||||
if (isset($CurrentBlock['continuable']) and $this->isBlockCompletable($CurrentBlock['type']))
|
||||
{
|
||||
$CurrentBlock = $this->{'block'.$CurrentBlock['type'].'Complete'}($CurrentBlock);
|
||||
}
|
||||
@ -286,6 +304,16 @@ class Parsedown
|
||||
return $markup;
|
||||
}
|
||||
|
||||
protected function isBlockContinuable($Type)
|
||||
{
|
||||
return method_exists($this, 'block'.$Type.'Continue');
|
||||
}
|
||||
|
||||
protected function isBlockCompletable($Type)
|
||||
{
|
||||
return method_exists($this, 'block'.$Type.'Complete');
|
||||
}
|
||||
|
||||
#
|
||||
# Code
|
||||
|
||||
@ -340,8 +368,6 @@ class Parsedown
|
||||
{
|
||||
$text = $Block['element']['text']['text'];
|
||||
|
||||
$text = htmlspecialchars($text, ENT_NOQUOTES, 'UTF-8');
|
||||
|
||||
$Block['element']['text']['text'] = $text;
|
||||
|
||||
return $Block;
|
||||
@ -352,7 +378,7 @@ class Parsedown
|
||||
|
||||
protected function blockComment($Line)
|
||||
{
|
||||
if ($this->markupEscaped)
|
||||
if ($this->markupEscaped or $this->safeMode)
|
||||
{
|
||||
return;
|
||||
}
|
||||
@ -394,16 +420,16 @@ class Parsedown
|
||||
|
||||
protected function blockFencedCode($Line)
|
||||
{
|
||||
if (preg_match('/^(['.$Line['text'][0].']{3,})[ ]*([\w-]+)?[ ]*$/', $Line['text'], $matches))
|
||||
if (preg_match('/^['.$Line['text'][0].']{3,}[ ]*([\w-]+)?[ ]*$/', $Line['text'], $matches))
|
||||
{
|
||||
$Element = array(
|
||||
'name' => 'code',
|
||||
'text' => '',
|
||||
);
|
||||
|
||||
if (isset($matches[2]))
|
||||
if (isset($matches[1]))
|
||||
{
|
||||
$class = 'language-'.$matches[2];
|
||||
$class = 'language-'.$matches[1];
|
||||
|
||||
$Element['attributes'] = array(
|
||||
'class' => $class,
|
||||
@ -446,7 +472,7 @@ class Parsedown
|
||||
return $Block;
|
||||
}
|
||||
|
||||
$Block['element']['text']['text'] .= "\n".$Line['body'];;
|
||||
$Block['element']['text']['text'] .= "\n".$Line['body'];
|
||||
|
||||
return $Block;
|
||||
}
|
||||
@ -455,8 +481,6 @@ class Parsedown
|
||||
{
|
||||
$text = $Block['element']['text']['text'];
|
||||
|
||||
$text = htmlspecialchars($text, ENT_NOQUOTES, 'UTF-8');
|
||||
|
||||
$Block['element']['text']['text'] = $text;
|
||||
|
||||
return $Block;
|
||||
@ -513,6 +537,16 @@ class Parsedown
|
||||
),
|
||||
);
|
||||
|
||||
if($name === 'ol')
|
||||
{
|
||||
$listStart = stristr($matches[0], '.', true);
|
||||
|
||||
if($listStart !== '1')
|
||||
{
|
||||
$Block['element']['attributes'] = array('start' => $listStart);
|
||||
}
|
||||
}
|
||||
|
||||
$Block['li'] = array(
|
||||
'name' => 'li',
|
||||
'handler' => 'li',
|
||||
@ -666,14 +700,16 @@ class Parsedown
|
||||
|
||||
protected function blockMarkup($Line)
|
||||
{
|
||||
if ($this->markupEscaped)
|
||||
if ($this->markupEscaped or $this->safeMode)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/^<(\w*)(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*(\/)?>/', $Line['text'], $matches))
|
||||
if (preg_match('/^<(\w[\w-]*)(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*(\/)?>/', $Line['text'], $matches))
|
||||
{
|
||||
if (in_array($matches[1], $this->textLevelElements))
|
||||
$element = strtolower($matches[1]);
|
||||
|
||||
if (in_array($element, $this->textLevelElements))
|
||||
{
|
||||
return;
|
||||
}
|
||||
@ -987,15 +1023,13 @@ class Parsedown
|
||||
{
|
||||
$markup = '';
|
||||
|
||||
$unexaminedText = $text;
|
||||
# $excerpt is based on the first occurrence of a marker
|
||||
|
||||
$markerPosition = 0;
|
||||
|
||||
while ($excerpt = strpbrk($unexaminedText, $this->inlineMarkerList))
|
||||
while ($excerpt = strpbrk($text, $this->inlineMarkerList))
|
||||
{
|
||||
$marker = $excerpt[0];
|
||||
|
||||
$markerPosition += strpos($unexaminedText, $marker);
|
||||
$markerPosition = strpos($text, $marker);
|
||||
|
||||
$Excerpt = array('text' => $excerpt, 'context' => $text);
|
||||
|
||||
@ -1008,34 +1042,42 @@ class Parsedown
|
||||
continue;
|
||||
}
|
||||
|
||||
if (isset($Inline['position']) and $Inline['position'] > $markerPosition) # position is ahead of marker
|
||||
# makes sure that the inline belongs to "our" marker
|
||||
|
||||
if (isset($Inline['position']) and $Inline['position'] > $markerPosition)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
|
||||
# sets a default inline position
|
||||
|
||||
if ( ! isset($Inline['position']))
|
||||
{
|
||||
$Inline['position'] = $markerPosition;
|
||||
}
|
||||
|
||||
# the text that comes before the inline
|
||||
$unmarkedText = substr($text, 0, $Inline['position']);
|
||||
|
||||
# compile the unmarked text
|
||||
$markup .= $this->unmarkedText($unmarkedText);
|
||||
|
||||
# compile the inline
|
||||
$markup .= isset($Inline['markup']) ? $Inline['markup'] : $this->element($Inline['element']);
|
||||
|
||||
# remove the examined text
|
||||
$text = substr($text, $Inline['position'] + $Inline['extent']);
|
||||
|
||||
$unexaminedText = $text;
|
||||
|
||||
$markerPosition = 0;
|
||||
|
||||
continue 2;
|
||||
}
|
||||
|
||||
$unexaminedText = substr($excerpt, 1);
|
||||
# the marker does not belong to an inline
|
||||
|
||||
$markerPosition ++;
|
||||
$unmarkedText = substr($text, 0, $markerPosition + 1);
|
||||
|
||||
$markup .= $this->unmarkedText($unmarkedText);
|
||||
|
||||
$text = substr($text, $markerPosition + 1);
|
||||
}
|
||||
|
||||
$markup .= $this->unmarkedText($text);
|
||||
@ -1054,7 +1096,6 @@ class Parsedown
|
||||
if (preg_match('/^('.$marker.'+)[ ]*(.+?)[ ]*(?<!'.$marker.')\1(?!'.$marker.')/s', $Excerpt['text'], $matches))
|
||||
{
|
||||
$text = $matches[2];
|
||||
$text = htmlspecialchars($text, ENT_NOQUOTES, 'UTF-8');
|
||||
$text = preg_replace("/[ ]*\n/", ' ', $text);
|
||||
|
||||
return array(
|
||||
@ -1184,7 +1225,7 @@ class Parsedown
|
||||
|
||||
$remainder = $Excerpt['text'];
|
||||
|
||||
if (preg_match('/\[((?:[^][]|(?R))*)\]/', $remainder, $matches))
|
||||
if (preg_match('/\[((?:[^][]++|(?R))*+)\]/', $remainder, $matches))
|
||||
{
|
||||
$Element['text'] = $matches[1];
|
||||
|
||||
@ -1197,7 +1238,7 @@ class Parsedown
|
||||
return;
|
||||
}
|
||||
|
||||
if (preg_match('/^[(]((?:[^ ()]|[(][^ )]+[)])+)(?:[ ]+("[^"]+"|\'[^\']+\'))?[)]/', $remainder, $matches))
|
||||
if (preg_match('/^[(]\s*+((?:[^ ()]++|[(][^ )]+[)])++)(?:[ ]+("[^"]*"|\'[^\']*\'))?\s*[)]/', $remainder, $matches))
|
||||
{
|
||||
$Element['attributes']['href'] = $matches[1];
|
||||
|
||||
@ -1212,7 +1253,7 @@ class Parsedown
|
||||
{
|
||||
if (preg_match('/^\s*\[(.*?)\]/', $remainder, $matches))
|
||||
{
|
||||
$definition = $matches[1] ? $matches[1] : $Element['text'];
|
||||
$definition = strlen($matches[1]) ? $matches[1] : $Element['text'];
|
||||
$definition = strtolower($definition);
|
||||
|
||||
$extent += strlen($matches[0]);
|
||||
@ -1233,8 +1274,6 @@ class Parsedown
|
||||
$Element['attributes']['title'] = $Definition['title'];
|
||||
}
|
||||
|
||||
$Element['attributes']['href'] = str_replace(array('&', '<'), array('&', '<'), $Element['attributes']['href']);
|
||||
|
||||
return array(
|
||||
'extent' => $extent,
|
||||
'element' => $Element,
|
||||
@ -1243,12 +1282,12 @@ class Parsedown
|
||||
|
||||
protected function inlineMarkup($Excerpt)
|
||||
{
|
||||
if ($this->markupEscaped or strpos($Excerpt['text'], '>') === false)
|
||||
if ($this->markupEscaped or $this->safeMode or strpos($Excerpt['text'], '>') === false)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
if ($Excerpt['text'][1] === '/' and preg_match('/^<\/\w*[ ]*>/s', $Excerpt['text'], $matches))
|
||||
if ($Excerpt['text'][1] === '/' and preg_match('/^<\/\w[\w-]*[ ]*>/s', $Excerpt['text'], $matches))
|
||||
{
|
||||
return array(
|
||||
'markup' => $matches[0],
|
||||
@ -1264,7 +1303,7 @@ class Parsedown
|
||||
);
|
||||
}
|
||||
|
||||
if ($Excerpt['text'][1] !== ' ' and preg_match('/^<\w*(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*\/?>/s', $Excerpt['text'], $matches))
|
||||
if ($Excerpt['text'][1] !== ' ' and preg_match('/^<\w[\w-]*(?:[ ]*'.$this->regexHtmlAttribute.')*[ ]*\/?>/s', $Excerpt['text'], $matches))
|
||||
{
|
||||
return array(
|
||||
'markup' => $matches[0],
|
||||
@ -1323,14 +1362,16 @@ class Parsedown
|
||||
|
||||
if (preg_match('/\bhttps?:[\/]{2}[^\s<]+\b\/*/ui', $Excerpt['context'], $matches, PREG_OFFSET_CAPTURE))
|
||||
{
|
||||
$url = $matches[0][0];
|
||||
|
||||
$Inline = array(
|
||||
'extent' => strlen($matches[0][0]),
|
||||
'position' => $matches[0][1],
|
||||
'element' => array(
|
||||
'name' => 'a',
|
||||
'text' => $matches[0][0],
|
||||
'text' => $url,
|
||||
'attributes' => array(
|
||||
'href' => $matches[0][0],
|
||||
'href' => $url,
|
||||
),
|
||||
),
|
||||
);
|
||||
@ -1343,7 +1384,7 @@ class Parsedown
|
||||
{
|
||||
if (strpos($Excerpt['text'], '>') !== false and preg_match('/^<(\w+:\/{2}[^ >]+)>/i', $Excerpt['text'], $matches))
|
||||
{
|
||||
$url = str_replace(array('&', '<'), array('&', '<'), $matches[1]);
|
||||
$url = $matches[1];
|
||||
|
||||
return array(
|
||||
'extent' => strlen($matches[0]),
|
||||
@ -1381,6 +1422,11 @@ class Parsedown
|
||||
|
||||
protected function element(array $Element)
|
||||
{
|
||||
if ($this->safeMode)
|
||||
{
|
||||
$Element = $this->sanitiseElement($Element);
|
||||
}
|
||||
|
||||
$markup = '<'.$Element['name'];
|
||||
|
||||
if (isset($Element['attributes']))
|
||||
@ -1392,7 +1438,7 @@ class Parsedown
|
||||
continue;
|
||||
}
|
||||
|
||||
$markup .= ' '.$name.'="'.$value.'"';
|
||||
$markup .= ' '.$name.'="'.self::escape($value).'"';
|
||||
}
|
||||
}
|
||||
|
||||
@ -1402,11 +1448,11 @@ class Parsedown
|
||||
|
||||
if (isset($Element['handler']))
|
||||
{
|
||||
$markup .= $this->$Element['handler']($Element['text']);
|
||||
$markup .= $this->{$Element['handler']}($Element['text']);
|
||||
}
|
||||
else
|
||||
{
|
||||
$markup .= $Element['text'];
|
||||
$markup .= self::escape($Element['text'], true);
|
||||
}
|
||||
|
||||
$markup .= '</'.$Element['name'].'>';
|
||||
@ -1465,10 +1511,77 @@ class Parsedown
|
||||
return $markup;
|
||||
}
|
||||
|
||||
protected function sanitiseElement(array $Element)
|
||||
{
|
||||
static $goodAttribute = '/^[a-zA-Z0-9][a-zA-Z0-9-_]*+$/';
|
||||
static $safeUrlNameToAtt = array(
|
||||
'a' => 'href',
|
||||
'img' => 'src',
|
||||
);
|
||||
|
||||
if (isset($safeUrlNameToAtt[$Element['name']]))
|
||||
{
|
||||
$Element = $this->filterUnsafeUrlInAttribute($Element, $safeUrlNameToAtt[$Element['name']]);
|
||||
}
|
||||
|
||||
if ( ! empty($Element['attributes']))
|
||||
{
|
||||
foreach ($Element['attributes'] as $att => $val)
|
||||
{
|
||||
# filter out badly parsed attribute
|
||||
if ( ! preg_match($goodAttribute, $att))
|
||||
{
|
||||
unset($Element['attributes'][$att]);
|
||||
}
|
||||
# dump onevent attribute
|
||||
elseif (self::striAtStart($att, 'on'))
|
||||
{
|
||||
unset($Element['attributes'][$att]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $Element;
|
||||
}
|
||||
|
||||
protected function filterUnsafeUrlInAttribute(array $Element, $attribute)
|
||||
{
|
||||
foreach ($this->safeLinksWhitelist as $scheme)
|
||||
{
|
||||
if (self::striAtStart($Element['attributes'][$attribute], $scheme))
|
||||
{
|
||||
return $Element;
|
||||
}
|
||||
}
|
||||
|
||||
$Element['attributes'][$attribute] = str_replace(':', '%3A', $Element['attributes'][$attribute]);
|
||||
|
||||
return $Element;
|
||||
}
|
||||
|
||||
#
|
||||
# Static Methods
|
||||
#
|
||||
|
||||
protected static function escape($text, $allowQuotes = false)
|
||||
{
|
||||
return htmlspecialchars($text, $allowQuotes ? ENT_NOQUOTES : ENT_QUOTES, 'UTF-8');
|
||||
}
|
||||
|
||||
protected static function striAtStart($string, $needle)
|
||||
{
|
||||
$len = strlen($needle);
|
||||
|
||||
if ($len > strlen($string))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
return strtolower(substr($string, 0, $len)) === strtolower($needle);
|
||||
}
|
||||
}
|
||||
|
||||
static function instance($name = 'default')
|
||||
{
|
||||
if (isset(self::$instances[$name]))
|
||||
@ -1476,7 +1589,7 @@ class Parsedown
|
||||
return self::$instances[$name];
|
||||
}
|
||||
|
||||
$instance = new self();
|
||||
$instance = new static();
|
||||
|
||||
self::$instances[$name] = $instance;
|
||||
|
||||
@ -1519,10 +1632,10 @@ class Parsedown
|
||||
'b', 'em', 'big', 'cite', 'small', 'spacer', 'listing',
|
||||
'i', 'rp', 'del', 'code', 'strike', 'marquee',
|
||||
'q', 'rt', 'ins', 'font', 'strong',
|
||||
's', 'tt', 'sub', 'mark',
|
||||
'u', 'xm', 'sup', 'nobr',
|
||||
'var', 'ruby',
|
||||
'wbr', 'span',
|
||||
'time',
|
||||
's', 'tt', 'kbd', 'mark',
|
||||
'u', 'xm', 'sub', 'nobr',
|
||||
'sup', 'ruby',
|
||||
'var', 'span',
|
||||
'wbr', 'time',
|
||||
);
|
||||
}
|
||||
|
||||
31
README.md
31
README.md
@ -1,16 +1,25 @@
|
||||
> I also make [Caret](https://caret.io?ref=parsedown) - a Markdown editor for Mac and PC.
|
||||
|
||||
## Parsedown
|
||||
|
||||
[](https://travis-ci.org/erusev/parsedown)
|
||||
<!--[](https://packagist.org/packages/erusev/parsedown)-->
|
||||
|
||||
Better Markdown Parser in PHP
|
||||
|
||||
[[ demo ]](http://parsedown.org/demo)
|
||||
[Demo](http://parsedown.org/demo) |
|
||||
[Benchmarks](http://parsedown.org/speed) |
|
||||
[Tests](http://parsedown.org/tests/) |
|
||||
[Documentation](https://github.com/erusev/parsedown/wiki/)
|
||||
|
||||
### Features
|
||||
|
||||
* [Fast](http://parsedown.org/speed)
|
||||
* [Consistent](http://parsedown.org/consistency)
|
||||
* One File
|
||||
* No Dependencies
|
||||
* Super Fast
|
||||
* Extensible
|
||||
* [GitHub flavored](https://help.github.com/articles/github-flavored-markdown)
|
||||
* [Tested](http://parsedown.org/tests/) in PHP 5.2, 5.3, 5.4, 5.5, 5.6 and [hhvm](http://www.hhvm.com/)
|
||||
* [Extensible](https://github.com/erusev/parsedown/wiki/Writing-Extensions)
|
||||
* Tested in 5.3 to 7.1 and in HHVM
|
||||
* [Markdown Extra extension](https://github.com/erusev/parsedown-extra)
|
||||
|
||||
### Installation
|
||||
@ -25,13 +34,17 @@ $Parsedown = new Parsedown();
|
||||
echo $Parsedown->text('Hello _Parsedown_!'); # prints: <p>Hello <em>Parsedown</em>!</p>
|
||||
```
|
||||
|
||||
More examples in [the wiki](https://github.com/erusev/parsedown/wiki/Usage) and in [this video tutorial](http://youtu.be/wYZBY8DEikI).
|
||||
More examples in [the wiki](https://github.com/erusev/parsedown/wiki/) and in [this video tutorial](http://youtu.be/wYZBY8DEikI).
|
||||
|
||||
### Security
|
||||
|
||||
Parsedown does not sanitize the HTML that it generates. When you deal with untrusted content (ex: user comments) you should also use a HTML sanitizer like [HTML Purifier](http://htmlpurifier.org/).
|
||||
|
||||
### Questions
|
||||
|
||||
**How does Parsedown work?**
|
||||
|
||||
It tries to read Markdown like a human. First, it looks at the lines. It’s interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line start with a `-` then it perhaps belong to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).
|
||||
It tries to read Markdown like a human. First, it looks at the lines. It’s interested in how the lines start. This helps it recognise blocks. It knows, for example, that if a line starts with a `-` then perhaps it belongs to a list. Once it recognises the blocks, it continues to the content. As it reads, it watches out for special characters. This helps it recognise inline elements (or inlines).
|
||||
|
||||
We call this approach "line based". We believe that Parsedown is the first Markdown parser to use it. Since the release of Parsedown, other developers have used the same approach to develop other Markdown parsers in PHP and in other languages.
|
||||
|
||||
@ -41,8 +54,8 @@ It passes most of the CommonMark tests. Most of the tests that don't pass deal w
|
||||
|
||||
**Who uses it?**
|
||||
|
||||
[phpDocumentor](http://www.phpdoc.org/), [October CMS](http://octobercms.com/), [Bolt CMS](http://bolt.cm/), [Kirby CMS](http://getkirby.com/), [Grav CMS](http://getgrav.org/), [Statamic CMS](http://www.statamic.com/), [RaspberryPi.org](http://www.raspberrypi.org/) and [more](https://www.versioneye.com/php/erusev:parsedown/references).
|
||||
[phpDocumentor](http://www.phpdoc.org/), [October CMS](http://octobercms.com/), [Bolt CMS](http://bolt.cm/), [Kirby CMS](http://getkirby.com/), [Grav CMS](http://getgrav.org/), [Statamic CMS](http://www.statamic.com/), [Herbie CMS](http://www.getherbie.org/), [RaspberryPi.org](http://www.raspberrypi.org/), [Symfony demo](https://github.com/symfony/symfony-demo) and [more](https://packagist.org/packages/erusev/parsedown/dependents).
|
||||
|
||||
**How can I help?**
|
||||
|
||||
Use it, star it, share it and if you feel generous, [donate some money](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=528P3NZQMP8N2).
|
||||
Use it, star it, share it and if you feel generous, [donate](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=528P3NZQMP8N2).
|
||||
|
||||
@ -12,7 +12,13 @@
|
||||
"homepage": "http://erusev.com"
|
||||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=5.3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"phpunit/phpunit": "^4.8.35"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-0": {"Parsedown": ""}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -5,4 +5,4 @@
|
||||
<file>test/ParsedownTest.php</file>
|
||||
</testsuite>
|
||||
</testsuites>
|
||||
</phpunit>
|
||||
</phpunit>
|
||||
|
||||
@ -8,7 +8,10 @@
|
||||
* @link http://commonmark.org/ CommonMark
|
||||
* @link http://git.io/8WtRvQ JavaScript test runner
|
||||
*/
|
||||
class CommonMarkTest extends PHPUnit_Framework_TestCase
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class CommonMarkTest extends TestCase
|
||||
{
|
||||
const SPEC_URL = 'https://raw.githubusercontent.com/jgm/stmd/master/spec.txt';
|
||||
|
||||
|
||||
@ -1,6 +1,8 @@
|
||||
<?php
|
||||
|
||||
class ParsedownTest extends PHPUnit_Framework_TestCase
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
class ParsedownTest extends TestCase
|
||||
{
|
||||
final function __construct($name = null, array $data = array(), $dataName = '')
|
||||
{
|
||||
@ -46,6 +48,8 @@ class ParsedownTest extends PHPUnit_Framework_TestCase
|
||||
$expectedMarkup = str_replace("\r\n", "\n", $expectedMarkup);
|
||||
$expectedMarkup = str_replace("\r", "\n", $expectedMarkup);
|
||||
|
||||
$this->Parsedown->setSafeMode(substr($test, 0, 3) === 'xss');
|
||||
|
||||
$actualMarkup = $this->Parsedown->text($markdown);
|
||||
|
||||
$this->assertEquals($expectedMarkup, $actualMarkup);
|
||||
@ -136,4 +140,24 @@ EXPECTED_HTML;
|
||||
$parsedownWithNoMarkup->setMarkupEscaped(true);
|
||||
$this->assertEquals($expectedHtml, $parsedownWithNoMarkup->text($markdownWithHtml));
|
||||
}
|
||||
|
||||
public function testLateStaticBinding()
|
||||
{
|
||||
include __DIR__ . '/TestParsedown.php';
|
||||
|
||||
$parsedown = Parsedown::instance();
|
||||
$this->assertInstanceOf('Parsedown', $parsedown);
|
||||
|
||||
// After instance is already called on Parsedown
|
||||
// subsequent calls with the same arguments return the same instance
|
||||
$sameParsedown = TestParsedown::instance();
|
||||
$this->assertInstanceOf('Parsedown', $sameParsedown);
|
||||
$this->assertSame($parsedown, $sameParsedown);
|
||||
|
||||
$testParsedown = TestParsedown::instance('test late static binding');
|
||||
$this->assertInstanceOf('TestParsedown', $testParsedown);
|
||||
|
||||
$sameInstanceAgain = TestParsedown::instance('test late static binding');
|
||||
$this->assertSame($testParsedown, $sameInstanceAgain);
|
||||
}
|
||||
}
|
||||
|
||||
5
test/TestParsedown.php
Normal file
5
test/TestParsedown.php
Normal file
@ -0,0 +1,5 @@
|
||||
<?php
|
||||
|
||||
class TestParsedown extends Parsedown
|
||||
{
|
||||
}
|
||||
@ -1,3 +1,3 @@
|
||||
<?php
|
||||
|
||||
include 'Parsedown.php';
|
||||
include 'Parsedown.php';
|
||||
|
||||
@ -1 +1,2 @@
|
||||
<p><img src="/md.png" alt="alt" title="title" /></p>
|
||||
<p><img src="/md.png" alt="alt" title="title" /></p>
|
||||
<p><img src="/md.png" alt="blank title" title="" /></p>
|
||||
@ -1 +1,3 @@
|
||||
|
||||
|
||||
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -1,4 +1,6 @@
|
||||
<p><a href="http://example.com" title="Title">single quotes</a></p>
|
||||
<p><a href="http://example.com" title="Title">double quotes</a></p>
|
||||
<p><a href="http://example.com" title="">single quotes blank</a></p>
|
||||
<p><a href="http://example.com" title="">double quotes blank</a></p>
|
||||
<p><a href="http://example.com" title="2 Words">space</a></p>
|
||||
<p><a href="http://example.com/url-(parentheses)" title="Title">parentheses</a></p>
|
||||
@ -2,6 +2,10 @@
|
||||
|
||||
[double quotes](http://example.com "Title")
|
||||
|
||||
[single quotes blank](http://example.com '')
|
||||
|
||||
[double quotes blank](http://example.com "")
|
||||
|
||||
[space](http://example.com "2 Words")
|
||||
|
||||
[parentheses](http://example.com/url-(parentheses) "Title")
|
||||
@ -8,6 +8,6 @@
|
||||
<li>two</li>
|
||||
</ol>
|
||||
<p>large numbers:</p>
|
||||
<ol>
|
||||
<ol start="123">
|
||||
<li>one</li>
|
||||
</ol>
|
||||
6
test/data/xss_attribute_encoding.html
Normal file
6
test/data/xss_attribute_encoding.html
Normal file
@ -0,0 +1,6 @@
|
||||
<p><a href="https://www.example.com"">xss</a></p>
|
||||
<p><img src="https://www.example.com"" alt="xss" /></p>
|
||||
<p><a href="https://www.example.com'">xss</a></p>
|
||||
<p><img src="https://www.example.com'" alt="xss" /></p>
|
||||
<p><img src="https://www.example.com" alt="xss"" /></p>
|
||||
<p><img src="https://www.example.com" alt="xss'" /></p>
|
||||
11
test/data/xss_attribute_encoding.md
Normal file
11
test/data/xss_attribute_encoding.md
Normal file
@ -0,0 +1,11 @@
|
||||
[xss](https://www.example.com")
|
||||
|
||||
![xss](https://www.example.com")
|
||||
|
||||
[xss](https://www.example.com')
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
16
test/data/xss_bad_url.html
Normal file
16
test/data/xss_bad_url.html
Normal file
@ -0,0 +1,16 @@
|
||||
<p><a href="javascript%3Aalert(1)">xss</a></p>
|
||||
<p><a href="javascript%3Aalert(1)">xss</a></p>
|
||||
<p><a href="javascript%3A//alert(1)">xss</a></p>
|
||||
<p><a href="javascript&colon;alert(1)">xss</a></p>
|
||||
<p><img src="javascript%3Aalert(1)" alt="xss" /></p>
|
||||
<p><img src="javascript%3Aalert(1)" alt="xss" /></p>
|
||||
<p><img src="javascript%3A//alert(1)" alt="xss" /></p>
|
||||
<p><img src="javascript&colon;alert(1)" alt="xss" /></p>
|
||||
<p><a href="data%3Atext/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">xss</a></p>
|
||||
<p><a href="data%3Atext/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">xss</a></p>
|
||||
<p><a href="data%3A//text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">xss</a></p>
|
||||
<p><a href="data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==">xss</a></p>
|
||||
<p><img src="data%3Atext/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" alt="xss" /></p>
|
||||
<p><img src="data%3Atext/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" alt="xss" /></p>
|
||||
<p><img src="data%3A//text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" alt="xss" /></p>
|
||||
<p><img src="data&colon;text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==" alt="xss" /></p>
|
||||
31
test/data/xss_bad_url.md
Normal file
31
test/data/xss_bad_url.md
Normal file
@ -0,0 +1,31 @@
|
||||
[xss](javascript:alert(1))
|
||||
|
||||
[xss]( javascript:alert(1))
|
||||
|
||||
[xss](javascript://alert(1))
|
||||
|
||||
[xss](javascript:alert(1))
|
||||
|
||||
)
|
||||
|
||||
)
|
||||
|
||||
)
|
||||
|
||||
)
|
||||
|
||||
[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||
|
||||
[xss]( data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||
|
||||
[xss](data://text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||
|
||||
[xss](data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==)
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
7
test/data/xss_text_encoding.html
Normal file
7
test/data/xss_text_encoding.html
Normal file
@ -0,0 +1,7 @@
|
||||
<p><script>alert(1)</script></p>
|
||||
<p><script></p>
|
||||
<p>alert(1)</p>
|
||||
<p></script></p>
|
||||
<p><script>
|
||||
alert(1)
|
||||
</script></p>
|
||||
12
test/data/xss_text_encoding.md
Normal file
12
test/data/xss_text_encoding.md
Normal file
@ -0,0 +1,12 @@
|
||||
<script>alert(1)</script>
|
||||
|
||||
<script>
|
||||
|
||||
alert(1)
|
||||
|
||||
</script>
|
||||
|
||||
|
||||
<script>
|
||||
alert(1)
|
||||
</script>
|
||||
Reference in New Issue
Block a user