mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Code Releases Activity
054ba3c487
parsedown/test/data
History
Aidan Woods 054ba3c487
urlencode urls that are potentially unsafe: 
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
..
aesthetic_table.html simplify folder name 2014-04-28 21:53:34 +03:00
aesthetic_table.md simplify folder name 2014-04-28 21:53:34 +03:00
aligned_table.html resolve #156 2015-01-16 00:04:18 +02:00
aligned_table.md simplify folder name 2014-04-28 21:53:34 +03:00
atx_heading.html improve CommonMark compliance 2015-01-10 02:45:51 +02:00
atx_heading.md improve CommonMark compliance 2015-01-10 02:45:51 +02:00
automatic_link.html simplify folder name 2014-04-28 21:53:34 +03:00
automatic_link.md simplify folder name 2014-04-28 21:53:34 +03:00
block-level_html.html improve tests 2015-01-24 14:37:40 +02:00
block-level_html.md improve tests 2015-01-24 14:37:40 +02:00
code_block.html simplify folder name 2014-04-28 21:53:34 +03:00
code_block.md simplify folder name 2014-04-28 21:53:34 +03:00
code_span.html simplify folder name 2014-04-28 21:53:34 +03:00
code_span.md simplify folder name 2014-04-28 21:53:34 +03:00
compound_blockquote.html simplify folder name 2014-04-28 21:53:34 +03:00
compound_blockquote.md simplify folder name 2014-04-28 21:53:34 +03:00
compound_emphasis.html simplify folder name 2014-04-28 21:53:34 +03:00
compound_emphasis.md simplify folder name 2014-04-28 21:53:34 +03:00
compound_list.html simplify folder name 2014-04-28 21:53:34 +03:00
compound_list.md simplify folder name 2014-04-28 21:53:34 +03:00
deeply_nested_list.html simplify folder name 2014-04-28 21:53:34 +03:00
deeply_nested_list.md resolve #160 2014-04-28 21:54:38 +03:00
em_strong.html simplify folder name 2014-04-28 21:53:34 +03:00
em_strong.md simplify folder name 2014-04-28 21:53:34 +03:00
email.html simplify folder name 2014-04-28 21:53:34 +03:00
email.md simplify folder name 2014-04-28 21:53:34 +03:00
emphasis.html simplify folder name 2014-04-28 21:53:34 +03:00
emphasis.md simplify folder name 2014-04-28 21:53:34 +03:00
escaping.html resolve #248 2014-11-28 14:03:12 +02:00
escaping.md resolve #248 2014-11-28 14:03:12 +02:00
fenced_code_block.html simplify folder name 2014-04-28 21:53:34 +03:00
fenced_code_block.md simplify folder name 2014-04-28 21:53:34 +03:00
horizontal_rule.html simplify folder name 2014-04-28 21:53:34 +03:00
horizontal_rule.md simplify folder name 2014-04-28 21:53:34 +03:00
html_comment.html improve consistency 2014-09-26 13:06:40 +03:00
html_comment.md improve consistency 2014-09-26 13:06:40 +03:00
html_entity.html simplify folder name 2014-04-28 21:53:34 +03:00
html_entity.md simplify folder name 2014-04-28 21:53:34 +03:00
image_reference.html resolve #251 2014-12-16 13:58:33 +02:00
image_reference.md resolve #251 2014-12-16 13:58:33 +02:00
image_title.html Fixes #283 2015-02-03 13:58:47 -08:00
image_title.md Fixes #283 2015-02-03 13:58:47 -08:00
implicit_reference.html fix consecutive reference links 2014-05-06 17:05:49 +03:00
implicit_reference.md fix consecutive reference links 2014-05-06 17:05:49 +03:00
inline_link_title.html Fixes #283 2015-02-03 13:58:47 -08:00
inline_link_title.md Fixes #283 2015-02-03 13:58:47 -08:00
inline_link.html urlencode urls that are potentially unsafe: 2017-05-03 17:01:27 +01:00
inline_link.md adjust two regex pattern within inlineLink() to reduce backtracking 2017-01-07 00:45:38 +01:00
inline_title.html simplify folder name 2014-04-28 21:53:34 +03:00
inline_title.md simplify folder name 2014-04-28 21:53:34 +03:00
lazy_blockquote.html resolve #136 2014-05-01 02:42:01 +03:00
lazy_blockquote.md resolve #136 2014-05-01 02:42:01 +03:00
lazy_list.html simplify folder name 2014-04-28 21:53:34 +03:00
lazy_list.md simplify folder name 2014-04-28 21:53:34 +03:00
line_break.html simplify folder name 2014-04-28 21:53:34 +03:00
line_break.md simplify folder name 2014-04-28 21:53:34 +03:00
multiline_list_paragraph.html simplify folder name 2014-04-28 21:53:34 +03:00
multiline_list_paragraph.md simplify folder name 2014-04-28 21:53:34 +03:00
nested_block-level_html.html simplify folder name 2014-04-28 21:53:34 +03:00
nested_block-level_html.md simplify folder name 2014-04-28 21:53:34 +03:00
ordered_list.html update test for new feature 2016-10-04 17:43:37 +01:00
ordered_list.md simplify folder name 2014-04-28 21:53:34 +03:00
paragraph_list.html simplify folder name 2014-04-28 21:53:34 +03:00
paragraph_list.md simplify folder name 2014-04-28 21:53:34 +03:00
reference_title.html simplify folder name 2014-04-28 21:53:34 +03:00
reference_title.md simplify folder name 2014-04-28 21:53:34 +03:00
self-closing_html.html update tests 2015-01-12 02:57:20 +02:00
self-closing_html.md improve test suite 2014-05-21 23:20:46 +03:00
separated_nested_list.html resolve #164 2014-05-01 00:29:21 +03:00
separated_nested_list.md resolve #164 2014-05-01 00:29:21 +03:00
setext_header.html simplify folder name 2014-04-28 21:53:34 +03:00
setext_header.md simplify folder name 2014-04-28 21:53:34 +03:00
simple_blockquote.html simplify folder name 2014-04-28 21:53:34 +03:00
simple_blockquote.md simplify folder name 2014-04-28 21:53:34 +03:00
simple_table.html resolve #156 2015-01-16 00:04:18 +02:00
simple_table.md simplify folder name 2014-04-28 21:53:34 +03:00
span-level_html.html resolve #167 2014-05-02 18:21:10 +03:00
span-level_html.md resolve #167 2014-05-02 18:21:10 +03:00
sparse_dense_list.html simplify folder name 2014-04-28 21:53:34 +03:00
sparse_dense_list.md simplify folder name 2014-04-28 21:53:34 +03:00
sparse_html.html markup should preserve empty lines 2014-11-19 20:18:56 +02:00
sparse_html.md markup should preserve empty lines 2014-11-19 20:18:56 +02:00
sparse_list.html simplify folder name 2014-04-28 21:53:34 +03:00
sparse_list.md simplify folder name 2014-04-28 21:53:34 +03:00
special_characters.html improve CommonMark compliance 2014-12-02 22:23:43 +02:00
special_characters.md simplify folder name 2014-04-28 21:53:34 +03:00
strikethrough.html simplify folder name 2014-04-28 21:53:34 +03:00
strikethrough.md simplify folder name 2014-04-28 21:53:34 +03:00
strong_em.html simplify folder name 2014-04-28 21:53:34 +03:00
strong_em.md simplify folder name 2014-04-28 21:53:34 +03:00
tab-indented_code_block.html simplify folder name 2014-04-28 21:53:34 +03:00
tab-indented_code_block.md simplify folder name 2014-04-28 21:53:34 +03:00
table_inline_markdown.html improve fix for #184 2015-01-15 21:32:18 +02:00
table_inline_markdown.md improve fix for #184 2015-01-15 21:32:18 +02:00
text_reference.html simplify folder name 2014-04-28 21:53:34 +03:00
text_reference.md simplify folder name 2014-04-28 21:53:34 +03:00
unordered_list.html simplify folder name 2014-04-28 21:53:34 +03:00
unordered_list.md simplify folder name 2014-04-28 21:53:34 +03:00
untidy_table.html simplify folder name 2014-04-28 21:53:34 +03:00
untidy_table.md simplify folder name 2014-04-28 21:53:34 +03:00
url_autolinking.html simplify folder name 2014-04-28 21:53:34 +03:00
url_autolinking.md simplify folder name 2014-04-28 21:53:34 +03:00
whitespace.html simplify folder name 2014-04-28 21:53:34 +03:00
whitespace.md simplify folder name 2014-04-28 21:53:34 +03:00
xss_attribute_encoding.html add xss tests 2017-05-01 03:33:49 +01:00
xss_attribute_encoding.md add xss tests 2017-05-01 03:33:49 +01:00
xss_bad_url.html urlencode urls that are potentially unsafe: 2017-05-03 17:01:27 +01:00
xss_bad_url.md add xss tests 2017-05-01 03:33:49 +01:00
xss_text_encoding.html add xss tests 2017-05-01 03:33:49 +01:00
xss_text_encoding.md add xss tests 2017-05-01 03:33:49 +01:00