Intellivoid
/
MarkdownParser
mirror of https://git.netkas.me/intellivoid/MarkdownParser.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
796 Commits 2 Branches 1 Tag 1,006 KiB
Commit Graph

796 Commits

Author SHA1 Message Date
Daniel Berthereau 129f807e32 Inverted checks of consistency for markdown following markups. 2017-06-22 00:00:00 +02:00
Daniel Berthereau be963a6531 Added tests for consistency when a markdown follows a markup without blank line. 2017-06-19 00:00:00 +02:00
Emanuil Rusev 728952b90a Merge pull request #499 from aidantwoods/fix/hhvm 
Fix hhvm build failure
 2017-05-14 17:47:48 +03:00
Aidan Woods c82af01bd6
add sudo false 2017-05-14 14:39:09 +01:00
Aidan Woods 67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Emanuil Rusev 593ffd45a3 Merge pull request #406 from adrilo/patch-1 
Create .gitattributes
 2017-05-10 12:28:53 +03:00
Aidan Woods bbb7687f31
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create) 2017-05-09 19:31:36 +01:00
Aidan Woods b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods c63b690a79
remove duplicates 2017-05-09 14:50:15 +01:00
Aidan Woods 226f636360
remove $safe flag 2017-05-07 13:45:59 +01:00
Aidan Woods 2e4afde68d
faster check substr at beginning of string 2017-05-06 16:32:51 +01:00
Aidan Woods dc30cb441c
add more protocols to the whitelist 2017-05-05 21:32:27 +01:00
Emanuil Rusev f76b10aaab update readme 2017-05-04 10:28:55 +03:00
Aidan Woods 054ba3c487
urlencode urls that are potentially unsafe: 
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
 2017-05-03 17:01:27 +01:00
Aidan Woods 4bae1c9834
whitelist regex for good attribute (no 
no chars that could form a delimiter allowed
 2017-05-03 00:39:01 +01:00
Aidan Woods aee3963e6b
jpeg, not jpg 2017-05-02 19:55:03 +01:00
Aidan Woods 4dc98b635d
whitelist changes: 
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
  "data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
 2017-05-02 19:48:25 +01:00
Aidan Woods e4bb12329e
array_keys is probably faster 2017-05-02 01:32:24 +01:00
Aidan Woods 6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely 2017-05-02 00:48:48 +01:00
Emanuil Rusev 29ad172261 Merge pull request #496 from aidantwoods/fix/ditch-hhvm-nightly 
replace hhvm nightly with nightly
 2017-05-01 19:35:36 +03:00
Aidan Woods 131ba75851
filter onevent attributes 2017-05-01 15:44:04 +01:00
Aidan Woods 924b26e16c replace hhvm nightly with nightly 2017-05-01 03:57:07 +01:00
Aidan Woods af04ac92e2
add xss tests 2017-05-01 03:33:49 +01:00
Aidan Woods 6bb66db00f
anti-xss 
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
 2017-05-01 03:25:07 +01:00
naNuke b3d45c4bb9 Add html escaping to all attributes capable of holding user input. 2017-05-01 02:00:38 +01:00
naNuke 1d4296f34d Customizable whitelist of schemas for safeLinks 2017-05-01 01:58:34 +01:00
naNuke bf5105cb1a Improve safeLinks with whitelist. 2017-05-01 01:58:34 +01:00
naNuke 1140613fc7 Prevent various XSS attacks 2017-05-01 01:58:34 +01:00
Aidan Woods 1d0af35f10
update test to result generated by CommonMark reference parser 2017-03-29 18:26:07 +01:00
Aidan Woods d7956e3ade
blockmarkup ends on interrupt by newline (CommonMark compliance) 2017-03-29 18:25:56 +01:00
Emanuil Rusev 4367f89a74 attempt to fix failing builds on 5.3 2017-03-29 19:30:24 +03:00
Emanuil Rusev 1bf24f7334 add kbd to text-level elements 2017-03-29 19:04:15 +03:00
Emanuil Rusev 0a09d5ad45 update tests to reflect changes in phpunit 6.0 2017-03-23 20:21:18 +02:00
Emanuil Rusev 3fc442b078 Merge pull request #484 from hkdobrev/patch-1 
Add Symfony demo to "Who uses it?"
 2017-03-10 09:41:24 +02:00
Haralan Dobrev bd0e31a7dd Add Symfony demo to "Who uses it?" 
409a65b373/composer.json (L24)
 2017-03-10 01:04:53 +02:00
Emanuil Rusev dfaf03639a Merge pull request #480 from pjona/patch-1 
Removed double semicolon
 2017-03-08 23:21:03 +02:00
Marek Skiba 7081afe8cb Removed double semicolon 2017-03-02 12:43:51 +01:00
Emanuil Rusev 4b6493999a Merge pull request #465 from aidantwoods/patch-8 
Trim surrounding whitespace from URL in inlineLink
 2017-01-23 09:45:19 +02:00
Aidan Woods 0172d779d7 Trim surrounding whitespace from URL in inlineLink 
Fixes https://github.com/erusev/parsedown-extra/issues/103
 2017-01-21 11:06:41 +00:00
Emanuil Rusev cc5b38ca39 Merge pull request #459 from gene-sis/fix_inlineLink_regex 
fix_inlineLink_regex
 2017-01-07 16:51:03 +02:00
gene_sis 48351504de adjust two regex pattern within inlineLink() to reduce backtracking 
add test with base64 image
 2017-01-07 00:45:38 +01:00
Emanuil Rusev 20ff8bbb57 Merge pull request #447 from greut/phpunit-from-extra 
Fix include from ParsedownTest
 2016-11-02 17:56:58 +02:00
Yoan Blanc bc21988fe5
Fix include from ParsedownTest 
I wasn't able to run all the tests from ParsedownExtra because of it.
 2016-11-02 09:27:35 +01:00
Emanuil Rusev e3c3e28554 Merge pull request #446 from jamesevickery/master 
Grammar update
 2016-10-25 17:39:55 +03:00
James Vickery f053740132 Merge pull request #1 from erusev/master 
Merge pull request #445 from jamesevickery/master
 2016-10-25 15:24:11 +01:00
James Vickery 7a92a31739 Grammar update 2016-10-25 15:22:17 +01:00
Emanuil Rusev 6eca8796fb Merge pull request #445 from jamesevickery/master 
Tiny grammar correction
 2016-10-25 17:21:57 +03:00
James Vickery 8876c0984e Tiny grammar correction 2016-10-25 15:10:22 +01:00
Aidan Woods 67e454e300 Merge pull request #2 from PhrozenByte/aidantwoods/patch-4 
Use the list marker width to determine whether a list item is continued
 2016-10-14 08:29:11 +01:00
Daniel Rudolf ae0211a84c
Travis: Add PHP nightly 2016-10-13 22:17:03 +02:00