dc30cb441c
add more protocols to the whitelist
2017-05-05 21:32:27 +01:00
f76b10aaab
update readme
2017-05-04 10:28:55 +03:00
054ba3c487
urlencode urls that are potentially unsafe:
...
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)
this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
4bae1c9834
whitelist regex for good attribute (no
...
no chars that could form a delimiter allowed
2017-05-03 00:39:01 +01:00
aee3963e6b
jpeg, not jpg
2017-05-02 19:55:03 +01:00
4dc98b635d
whitelist changes:
...
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
"data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
e4bb12329e
array_keys is probably faster
2017-05-02 01:32:24 +01:00
6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely
2017-05-02 00:48:48 +01:00
29ad172261
Merge pull request #496 from aidantwoods/fix/ditch-hhvm-nightly
...
replace hhvm nightly with nightly
2017-05-01 19:35:36 +03:00
131ba75851
filter onevent attributes
2017-05-01 15:44:04 +01:00
924b26e16c
replace hhvm nightly with nightly
2017-05-01 03:57:07 +01:00
af04ac92e2
add xss tests
2017-05-01 03:33:49 +01:00
6bb66db00f
anti-xss
...
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
2017-05-01 03:25:07 +01:00
b3d45c4bb9
Add html escaping to all attributes capable of holding user input.
2017-05-01 02:00:38 +01:00
1d4296f34d
Customizable whitelist of schemas for safeLinks
2017-05-01 01:58:34 +01:00
bf5105cb1a
Improve safeLinks with whitelist.
2017-05-01 01:58:34 +01:00
1140613fc7
Prevent various XSS attacks
2017-05-01 01:58:34 +01:00
1d0af35f10
update test to result generated by CommonMark reference parser
2017-03-29 18:26:07 +01:00
d7956e3ade
blockmarkup ends on interrupt by newline (CommonMark compliance)
2017-03-29 18:25:56 +01:00
4367f89a74
attempt to fix failing builds on 5.3
2017-03-29 19:30:24 +03:00
1bf24f7334
add kbd to text-level elements
2017-03-29 19:04:15 +03:00
0a09d5ad45
update tests to reflect changes in phpunit 6.0
2017-03-23 20:21:18 +02:00
3fc442b078
Merge pull request #484 from hkdobrev/patch-1
...
Add Symfony demo to "Who uses it?"
2017-03-10 09:41:24 +02:00
bd0e31a7dd
Add Symfony demo to "Who uses it?"
...
409a65b373/composer.json (L24)
2017-03-10 01:04:53 +02:00
dfaf03639a
Merge pull request #480 from pjona/patch-1
...
Removed double semicolon
2017-03-08 23:21:03 +02:00
7081afe8cb
Removed double semicolon
2017-03-02 12:43:51 +01:00
4b6493999a
Merge pull request #465 from aidantwoods/patch-8
...
Trim surrounding whitespace from URL in inlineLink
2017-01-23 09:45:19 +02:00
0172d779d7
Trim surrounding whitespace from URL in inlineLink
...
Fixes https://github.com/erusev/parsedown-extra/issues/103
2017-01-21 11:06:41 +00:00
cc5b38ca39
Merge pull request #459 from gene-sis/fix_inlineLink_regex
...
fix_inlineLink_regex
2017-01-07 16:51:03 +02:00
48351504de
adjust two regex pattern within inlineLink() to reduce backtracking
...
add test with base64 image
2017-01-07 00:45:38 +01:00
20ff8bbb57
Merge pull request #447 from greut/phpunit-from-extra
...
Fix include from ParsedownTest
2016-11-02 17:56:58 +02:00
bc21988fe5
Fix include from ParsedownTest
...
I wasn't able to run all the tests from ParsedownExtra because of it.
2016-11-02 09:27:35 +01:00
e3c3e28554
Merge pull request #446 from jamesevickery/master
...
Grammar update
2016-10-25 17:39:55 +03:00
f053740132
Merge pull request #1 from erusev/master
...
Merge pull request #445 from jamesevickery/master
2016-10-25 15:24:11 +01:00
7a92a31739
Grammar update
2016-10-25 15:22:17 +01:00
6eca8796fb
Merge pull request #445 from jamesevickery/master
...
Tiny grammar correction
2016-10-25 17:21:57 +03:00
8876c0984e
Tiny grammar correction
2016-10-25 15:10:22 +01:00
67e454e300
Merge pull request #2 from PhrozenByte/aidantwoods/patch-4
...
Use the list marker width to determine whether a list item is continued
2016-10-14 08:29:11 +01:00
ae0211a84c
Travis: Add PHP nightly
2016-10-13 22:17:03 +02:00
a9f696f7bb
Improve CommonMark spec example regex
...
CommonMark spec example [#170 ](http://spec.commonmark.org/0.26/#example-170 ) has a empty HTML result.
2016-10-13 22:16:46 +02:00
a3836b1853
Handle subsequent list items which aren't indented sufficiently
...
Subsequent list items which aren't indented sufficiently are treated as part of the original list, see CommonMark spec example [#256 ](http://spec.commonmark.org/0.26/#example-256 ).
2016-10-13 20:44:02 +02:00
a9e1163c85
Fix code formatting
2016-10-13 19:52:38 +02:00
7b1529fff0
Use the list marker width to determine whether a list item is continued
...
This basically represents [list item parsing](http://spec.commonmark.org/0.26/#list-items ), rule 1 of the CommonMark specs.
2016-10-13 19:51:32 +02:00
1d61f90bf9
Support list items starting with indented code
2016-10-13 19:47:06 +02:00
4b3b7df710
Support list items starting with a blank line
...
According to the CommonMark specs ([list items](http://spec.commonmark.org/0.26/#list-items ), rule 3), list items starting with a blank line basically behave like as if the \n doesn't exist. Also see example [#241 ](http://spec.commonmark.org/0.26/#example-241 ).
2016-10-13 19:46:29 +02:00
30ff5c6e75
Remove unused $placeholder variable
2016-10-13 19:31:35 +02:00
bdf537e9d5
Fix ordered list start argument
...
See CommonMark spec examples [#226 ](http://spec.commonmark.org/0.26/#example-226 ) to #229
2016-10-13 19:30:50 +02:00
81025cd468
Revert "Break less previously passed CommonMarkWeak tests"
...
This reverts commit 2db3199510
2016-10-13 19:25:43 +02:00
e691034861
Revert "Prevent failure with data set 77 in CommonMarkWeak"
...
This reverts commit 0a43799da4
2016-10-13 19:25:37 +02:00
eb853da92a
Revert "Prevent breaking remaining previously compliant CommonMarkWeak tests"
...
This reverts commit 6973302ca8
2016-10-13 19:25:30 +02:00
Aidan Woods
Emanuil Rusev
naNuke
Haralan Dobrev
Marek Skiba
gene_sis
Yoan Blanc
James Vickery
Daniel Rudolf