721b885dd3
Fix #565 by validating email as defined in commonmark spec
2018-03-09 17:05:42 +00:00
9857334186
bump version
2018-03-07 22:04:55 -03:00
ae7e8e5067
bump version
2018-03-07 21:51:35 -03:00
72d30d33bc
allow element to have no name
2018-03-01 01:17:32 +00:00
e941dcc3f0
Merge pull request #525 from aidantwoods/fix/infostring
...
Properly support fenced code block infostring
2018-02-28 17:06:25 +00:00
c192001a7e
Merge pull request #433 from aidantwoods/patch-3
...
Fix Issue #358 – preventing double nested links
2018-02-28 17:05:58 +00:00
5057e505d8
Merge pull request #475 from aidantwoods/loose-lists
...
Loose lists
2018-02-28 17:05:00 +00:00
6678d59be4
Merge pull request #495 from aidantwoods/anti-xss
...
Prevent various XSS attacks [rebase and update of #276 ]
2018-02-28 13:41:37 +02:00
0e1043a8d6
consistent li items for loose list
2018-01-29 14:38:19 +01:00
296ebf0e60
Merge pull request #429 from pablotheissen/patch-1
...
Support html tags containing dashes
2017-11-19 11:15:43 +02:00
4404201175
Properly support fenced code block infostring
...
Reference: http://spec.commonmark.org/0.28/#info-string
2017-08-20 10:28:46 +01:00
6a4afac0d0
remove ability for htmlblock to allow paragraph after if it closes on the same line
2017-06-22 00:02:03 +01:00
67c3efbea0
according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content
2017-05-10 16:57:18 +01:00
bbb7687f31
safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create)
2017-05-09 19:31:36 +01:00
b1e5aebaf6
add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch
2017-05-09 19:22:58 +01:00
c63b690a79
remove duplicates
2017-05-09 14:50:15 +01:00
226f636360
remove $safe flag
2017-05-07 13:45:59 +01:00
2e4afde68d
faster check substr at beginning of string
2017-05-06 16:32:51 +01:00
dc30cb441c
add more protocols to the whitelist
2017-05-05 21:32:27 +01:00
054ba3c487
urlencode urls that are potentially unsafe:
...
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)
this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
2017-05-03 17:01:27 +01:00
4bae1c9834
whitelist regex for good attribute (no
...
no chars that could form a delimiter allowed
2017-05-03 00:39:01 +01:00
aee3963e6b
jpeg, not jpg
2017-05-02 19:55:03 +01:00
4dc98b635d
whitelist changes:
...
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
"data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
2017-05-02 19:48:25 +01:00
e4bb12329e
array_keys is probably faster
2017-05-02 01:32:24 +01:00
6d0156d707
dump attributes that contain characters that are impossible for validity, or very unlikely
2017-05-02 00:48:48 +01:00
131ba75851
filter onevent attributes
2017-05-01 15:44:04 +01:00
6bb66db00f
anti-xss
...
protect all attributes and content from xss via element method
filter special attributes (a href, img src)
expand url whitelist slightly to permit data images and mailto links
2017-05-01 03:25:07 +01:00
b3d45c4bb9
Add html escaping to all attributes capable of holding user input.
2017-05-01 02:00:38 +01:00
1d4296f34d
Customizable whitelist of schemas for safeLinks
2017-05-01 01:58:34 +01:00
bf5105cb1a
Improve safeLinks with whitelist.
2017-05-01 01:58:34 +01:00
1140613fc7
Prevent various XSS attacks
2017-05-01 01:58:34 +01:00
d7956e3ade
blockmarkup ends on interrupt by newline (CommonMark compliance)
2017-03-29 18:25:56 +01:00
1bf24f7334
add kbd to text-level elements
2017-03-29 19:04:15 +03:00
7081afe8cb
Removed double semicolon
2017-03-02 12:43:51 +01:00
0172d779d7
Trim surrounding whitespace from URL in inlineLink
...
Fixes https://github.com/erusev/parsedown-extra/issues/103
2017-01-21 11:06:41 +00:00
48351504de
adjust two regex pattern within inlineLink() to reduce backtracking
...
add test with base64 image
2017-01-07 00:45:38 +01:00
a3836b1853
Handle subsequent list items which aren't indented sufficiently
...
Subsequent list items which aren't indented sufficiently are treated as part of the original list, see CommonMark spec example [#256 ](http://spec.commonmark.org/0.26/#example-256 ).
2016-10-13 20:44:02 +02:00
a9e1163c85
Fix code formatting
2016-10-13 19:52:38 +02:00
7b1529fff0
Use the list marker width to determine whether a list item is continued
...
This basically represents [list item parsing](http://spec.commonmark.org/0.26/#list-items ), rule 1 of the CommonMark specs.
2016-10-13 19:51:32 +02:00
1d61f90bf9
Support list items starting with indented code
2016-10-13 19:47:06 +02:00
4b3b7df710
Support list items starting with a blank line
...
According to the CommonMark specs ([list items](http://spec.commonmark.org/0.26/#list-items ), rule 3), list items starting with a blank line basically behave like as if the \n doesn't exist. Also see example [#241 ](http://spec.commonmark.org/0.26/#example-241 ).
2016-10-13 19:46:29 +02:00
30ff5c6e75
Remove unused $placeholder variable
2016-10-13 19:31:35 +02:00
bdf537e9d5
Fix ordered list start argument
...
See CommonMark spec examples [#226 ](http://spec.commonmark.org/0.26/#example-226 ) to #229
2016-10-13 19:30:50 +02:00
81025cd468
Revert "Break less previously passed CommonMarkWeak tests"
...
This reverts commit 2db3199510
2016-10-13 19:25:43 +02:00
e691034861
Revert "Prevent failure with data set 77 in CommonMarkWeak"
...
This reverts commit 0a43799da4
2016-10-13 19:25:37 +02:00
eb853da92a
Revert "Prevent breaking remaining previously compliant CommonMarkWeak tests"
...
This reverts commit 6973302ca8
2016-10-13 19:25:30 +02:00
6973302ca8
Prevent breaking remaining previously compliant CommonMarkWeak tests
2016-10-13 15:55:13 +01:00
0a43799da4
Prevent failure with data set 77 in CommonMarkWeak
2016-10-13 14:29:52 +01:00
2db3199510
Break less previously passed CommonMarkWeak tests
2016-10-12 18:10:44 +01:00
d26b33c20f
Add `)` as an ordered list marker
...
Also added marker check to ordered list case when deciding to continue the current list
2016-10-11 19:18:43 +01:00
0bd61a73ed
Check that the current line is a list before starting a new one
2016-10-11 13:48:38 +01:00
06c4344a71
Contextual limits on indentation stripping
2016-10-11 13:38:47 +01:00
c4d4a6800d
(beginning to) improve commonmark compliance:lists
...
These changes aren't fit for merge, nor do they work correctly (yet)
2016-10-11 12:05:33 +01:00
3aef89b399
Line handler may prevent specified element nesting
...
Swap `under_scores` for `camelCasing`
2016-10-08 17:54:04 +01:00
5c22531e4d
Allow parsedown to specify list start attribute
...
Syntax preferences
2016-10-05 18:27:54 +01:00
3978e33fd0
Allow parsedown to specify list start attribute
...
Remove github added tabs on blank lines
2016-10-05 18:17:12 +01:00
a37797ef34
Allow parsedown to specify list start attribute
...
Syntax preferences to match surrounding code
2016-10-05 18:15:47 +01:00
e3cd271f16
Allow parsedown to specify list start attribute
...
Performance: Swap preg_replace for stristr to obtain list start
2016-10-05 15:44:34 +01:00
f0b7b61c16
Allow parsedown to specify list start attribute
...
Should fix compatibility for PHP 5.3
2016-10-05 11:36:27 +01:00
ed41fcf3d6
Allow parsedown to specify list start attribute
...
oops
2016-10-05 10:06:40 +01:00
1fa8fae301
Allow parsedown to specify list start attribute
...
Readability improvements
2016-10-05 10:03:21 +01:00
543a6c4175
Line handler may prevent specified element nesting
...
Check if array is empty to shave some performance hits in the case than no non nestables are present.
2016-10-04 18:59:36 +01:00
a81aedeb10
Line handler may prevent specified element nesting
...
Removed granularity controls – elements are assumed to be non nestable indefinitely once declared.
2016-10-04 15:27:11 +01:00
50952b3243
Line handler may prevent specified element nesting
...
This commit serves to add comments detailing parts of the new functionality, and to adjust syntax preferences to match that of the surrounding document. The commit title also now reflects the most significant change made.
2016-10-02 18:26:13 +01:00
4d3600f273
Extend disallowed assertion depth capabilities
...
I've built on the functionality of feature 1. in the previous commit to allow non nestables to be asserted indefinitely, or to a specified depth.
2016-10-02 17:37:08 +01:00
d6d5f53ff4
Fix Issue #358 – preventing double nested links
...
1. Add the ability for a parsed element to enforce that the line handler not parse any (immediate) child elements of a specified type.
2. Use 1. to allow parsed Url elements to tell the line handler not to parse any child Links or Urls where they are immediate children.
2016-10-01 15:56:14 +01:00
f17aa0438a
Update Parsedown.php
2016-09-27 02:15:35 +01:00
38f4027d5e
Update Parsedown.php
...
Okay, so maybe I should have looked 20 lines or so above where I made the edit in the element function – looks like it already supports adding attributes ;p
Have amended the change to blocklist to use the already existing functionality, and have reverted the change that I made to the element function.
2016-09-27 02:15:09 +01:00
2cee8d8a2d
Update Parsedown.php
...
Looks like I might need to return the pattern which was used previously
Reverting last change as build still failed
This build will still fail, but I'm hoping it will only fair where the list start value has been inserted
2016-09-27 01:23:22 +01:00
cceefafd55
test
...
Attempting to determine which function change is causing test jobs to fail (in unexpected ways)
2016-09-27 01:16:00 +01:00
1c58e9d8d5
oops
...
oops
2016-09-27 00:57:57 +01:00
2772b034c6
Update Parsedown.php
...
(I think this should work)
Allow parsedown to specify list start attribute (see: https://github.com/erusev/parsedown/issues/100#issuecomment-249729602 )
2016-09-27 00:53:51 +01:00
1a44cbd62c
Update Parsedown.php
...
Made parsedown compatible with html-tags containing dashes.
see https://github.com/erusev/parsedown/issues/407#issuecomment-248833563
2016-09-22 12:21:39 +02:00
490a8f35a4
remove incompatible comment
2016-03-09 19:02:39 +02:00
e7443a2bd8
Fixed really sorry spelling errors
2015-12-18 20:45:14 -07:00
10a7ff776c
Left as-is
2015-12-17 10:48:21 -07:00
5ad15b87fa
Break out method_exists checks into extendable methods to allow for better pluggability
2015-12-17 10:46:44 -07:00
b166cab9a2
Make `lines` protected to allow for extendability
2015-12-17 10:46:04 -07:00
e603c2378d
Parsedown library shouldn't be executable
2015-10-20 15:16:36 -05:00
3ebbd730b5
1.6.0
2015-10-04 19:44:32 +03:00
fa005fdb95
Merge pull request #336 from hkdobrev/late-static-binding
...
Use late static binding for Parsedown::instance()
2015-08-13 15:16:23 +03:00
5f40cab3e7
Use late static binding for Parsedown::instance()
...
Fixes erusev/parsedown-extra#67 .
This introduces PHP 5.3+ late static binding to the Singleton pattern in Parsedown.
It will return an instance of Parsedown which inherits the class which
called the `instance()` method rather than always returning instance of just `Parsedown`.
Tests are testing this feature with a test class which inherits from Parsedown.
Notice that calling `instance()` with the default arguments after an instance of
`Parsedown` was already created, it will return it even though it is from just
an instance of `Parsedown`. So this is fixing the problem just partially.
2015-08-13 13:29:33 +03:00
0e89e3714b
1.5.4
2015-08-03 12:24:05 +03:00
6b24125f06
clean up
2015-07-31 17:01:14 +03:00
a589bcac79
resolve #342
2015-07-31 01:33:21 +03:00
a9dfc97ddc
opening code fence doesn't need 2 regex groups
2015-07-16 16:57:13 +03:00
ba802c1c8d
replace the term "incomplete"
2015-07-02 01:01:14 +03:00
438874e9a8
improve line
2015-06-25 01:05:05 +03:00
e2bb3eaaf8
clean up
2015-06-15 12:28:35 +03:00
b9e5228e92
version 1.5.3
2015-04-29 23:22:24 +03:00
6736ba9a04
Fix check against $matches
...
Fixes inline reference links with int 0 as reference
The link [link][0] where [0] is set at the bottom of the md file current breaks and it's truthy value is false.
2015-04-20 16:24:11 +01:00
b828fe7c8d
Fixes #283
2015-02-03 13:58:47 -08:00
cb8cc57742
Fixes #279
2015-02-02 00:58:24 +01:00
9da19c1108
version 1.5.1
2015-01-24 15:01:47 +02:00
e94ecf4adc
resolve #277
2015-01-24 14:21:55 +02:00
4d3079b908
resolve #274
2015-01-24 14:03:05 +02:00
648419467a
clean up
2015-01-21 01:32:20 +02:00
6ddb6b2b33
resolve #90
2015-01-19 17:11:13 +02:00
0008e69a83
clean up
2015-01-19 17:09:51 +02:00
c664785485
inline methods should be able to handle unmarked inline elements
2015-01-19 17:05:10 +02:00
bdf0ef024e
setter variables should not be private
2015-01-18 19:38:57 +02:00
21a3e8790a
no need for a separate method for every special character
2015-01-16 03:57:47 +02:00
e5e8d02934
improve order of methods
2015-01-16 03:18:07 +02:00
7ff0f97811
improve performance
2015-01-16 02:59:51 +02:00
596350d1f5
improve names of elements
2015-01-16 02:49:55 +02:00
2cbd3010e4
url elements should not be restricted to http
2015-01-16 02:31:58 +02:00
3b4aa6bff7
change the parsing order of tag elements to improve performance
2015-01-16 01:46:43 +02:00
05a8f16e95
improve CommonMark compliance
2015-01-16 01:44:35 +02:00
79d924040a
improve CommonMark compliance
2015-01-16 01:24:02 +02:00
b4a8eb3315
resolve #156
2015-01-16 00:04:18 +02:00
4383cce85b
resolve #143
2015-01-15 22:31:31 +02:00
ada39109e4
resolve #189
2015-01-15 22:04:02 +02:00
a06cdfb814
improve fix for #184
2015-01-15 21:32:18 +02:00
6bee326c92
resolve #184
2015-01-15 21:10:09 +02:00
f08d017bcb
resolve #196
2015-01-15 02:45:45 +02:00
e61a6114b0
resolve #175
2015-01-15 02:37:20 +02:00
9ed72ccd09
resolve #126
2015-01-15 02:24:39 +02:00
09e1184d9f
resolve #265
2015-01-15 00:56:12 +02:00
0d28808392
void markup blocks be marked
2015-01-12 23:24:13 +02:00
78960cf792
improve formatting
2015-01-12 18:53:24 +02:00
8f2e9c7cf6
definitions are blocks
...
in the old implementation it wasn’t possible to have multiline
definitions
2015-01-12 18:52:17 +02:00
3eb6d349f0
"src" and "alt" attributes should come first
2015-01-12 02:58:08 +02:00
08b01a1a29
blocks should be able to return markup
2015-01-12 02:55:00 +02:00
1686b2fbff
we no longer call inline elements spans
2015-01-12 02:55:00 +02:00
15a32fcd0e
no need to know the structure of markup blocks
2015-01-12 02:55:00 +02:00
9f58363e4b
Merge pull request #260 from rhukster/master
...
Fix for Parsedown stripping classes on images supported by ParsedownExtra
2015-01-11 14:50:08 +02:00
05bf198d26
breaksEnabled fix
2015-01-11 06:12:01 +01:00
30234a58fa
No longer needed in this solution
2015-01-10 19:44:30 -07:00
03ff22c7df
Attempted fix for stripped classes on images with ParsedownExtra - re: https://github.com/erusev/parsedown-extra/issues/32
2015-01-10 19:40:39 -07:00
e68a458105
improve consistency
2015-01-10 14:22:54 +02:00
06135cd75a
improve CommonMark compliance
2015-01-10 02:45:51 +02:00
dfacf7a71a
add urlsLinked setter
2015-01-08 16:13:55 +02:00
fd0d8125e7
introduce more structure to parsing of unmarked inlines
2015-01-08 15:19:43 +02:00
b1be886d65
improve names of protected members
2015-01-05 15:05:18 +02:00
19bc6a7083
update variable names to match updated member names
2015-01-05 14:22:06 +02:00
b5efe98e2f
improve names of protected members
2015-01-05 14:22:06 +02:00
5639ef7d69
fix PHPDoc
2015-01-05 14:22:06 +02:00
d29d879ec6
separate parsing of inlines that don't have markers to improve simplicity
2015-01-04 18:37:24 +02:00
c9b4de3c9d
resolve #253
2014-12-21 13:51:16 +02:00
38cc1ca7e0
resolve #251
2014-12-16 13:58:33 +02:00
23c4097fde
restore support for PHP 5.2
2014-12-15 13:59:37 +02:00
ac68800717
improve extensibility
2014-12-15 01:07:29 +02:00
361febf7c6
improve CommonMark compliance
2014-12-15 00:52:03 +02:00
7ab3c60a77
improve CommonMark compliance
2014-12-02 22:23:43 +02:00
495e7ac73b
resolve #247
2014-11-29 04:29:14 +02:00
5bc6d90f8b
resolve #248
2014-11-28 14:03:12 +02:00
9816507a75
markup should preserve empty lines
2014-11-19 20:18:56 +02:00
da5d75e97e
resolve #209
2014-10-29 22:29:46 +02:00
68f3aea036
Ignore html comments as well with markupEscape option.
2014-10-10 19:07:25 +02:00
f64c1387f8
fix indents
2014-09-22 02:52:45 +03:00
Aidan Woods
Luiz Paulo "Bills
Emanuil Rusev
naNuke
Marek Skiba
gene_sis
Daniel Rudolf
pablotheissen
Andy Miller
Jesse Donat
Haralan Dobrev
Gareth Evans
Jeff Standen
Niklas Keller