mirror/php-parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2025-09-02 19:32:35 +02:00
Code Issues Releases Wiki Activity
875 Commits 4 Branches 82 Tags
master
Commit Graph

875 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Aidan Woods
5057e505d8 Merge pull request #475 from aidantwoods/loose-lists 
Loose lists
 2018-02-28 17:05:00 +00:00
Aidan Woods
ad62bf5a6f Talk about safe mode in the README 2018-02-28 17:03:46 +00:00
Emanuil Rusev
6678d59be4 Merge pull request #495 from aidantwoods/anti-xss 
Prevent various XSS attacks [rebase and update of #276]
1.7.0 		2018-02-28 13:41:37 +02:00
Emanuil Rusev
c999a4b61b improve readme 2018-01-29 20:55:30 +02:00
Emanuil Rusev
e938ab4ffe improve readme 2018-01-29 20:54:40 +02:00
Emanuil Rusev
e69374af0d improve readme 2018-01-29 20:52:27 +02:00
Aidan Woods
722b776684 Test multiple multiline lists 2018-01-29 14:38:19 +01:00
Aidan Woods
7fd92a8fbd update tests 2018-01-29 14:38:19 +01:00
Aidan Woods
0e1043a8d6 consistent li items for loose list 2018-01-29 14:38:19 +01:00
Emanuil Rusev
1196ed9512 Merge pull request #548 from m1guelpf-forks/patch-1 
Update license year
 2018-01-01 18:48:54 +02:00
Miguel Piedrafita
1244122b84 Update LICENSE.txt 2018-01-01 14:09:31 +01:00
Miguel Piedrafita
d98d60aaf3 Update license year 2017-12-31 22:10:48 +01:00
Emanuil Rusev
296ebf0e60 Merge pull request #429 from pablotheissen/patch-1 
Support html tags containing dashes
 2017-11-19 11:15:43 +02:00
Emanuil Rusev
a60ba300b1 Merge pull request #540 from jbafford/patch-1 
Fix typo in README
 2017-11-15 10:31:22 +02:00
John Bafford
089789dfff Fix typo in README 2017-11-14 17:13:31 -05:00
Daniel Rudolf
03e1a6ac02 Merge branch 'master' into bugfix/CommonMarkTest 
Conflicts:
	.travis.yml
	test/CommonMarkTest.php
	test/ParsedownTest.php
	test/bootstrap.php
 2017-11-14 22:09:25 +01:00
Emanuil Rusev
fbe3fe878f Merge pull request #539 from gabriel-caruso/phpunit 
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
1.6.4 		2017-11-14 22:44:03 +02:00
Gabriel Caruso
09827f542c Rewrite Travis CI 2017-11-14 15:19:24 -02:00
Gabriel Caruso
70ef6f5521 Make Travis CI use installed PHPUnit version, not global one 2017-11-14 13:21:11 -02:00
Gabriel Caruso
691e36b1f2 Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase 2017-11-11 00:56:03 -02:00
Emanuil Rusev
af6affdc2c improve readme 2017-11-06 16:54:00 +02:00
Emanuil Rusev
9cf41f27ab improve readme 2017-10-22 16:01:34 +03:00
Emanuil Rusev
16aadff2ed improve readme 2017-10-22 16:00:43 +03:00
Emanuil Rusev
07c937583d improve readme 2017-10-22 15:57:58 +03:00
Aidan Woods
4404201175 Properly support fenced code block infostring 
Reference: http://spec.commonmark.org/0.28/#info-string
 2017-08-20 10:28:46 +01:00
Daniel Berthereau
c05ef0c12a Merge branch 'aidantwoods-htmlblocks' into fix/consistency_follow 2017-06-23 00:00:00 +02:00
Daniel Berthereau
47e4163a68 Merge branch 'htmlblocks' of https://github.com/aidantwoods/parsedown into aidantwoods-htmlblocks 2017-06-23 00:00:00 +02:00
Aidan Woods
c05bff047a correct test to match CommonMark specified input for output 2017-06-22 00:03:12 +01:00
Aidan Woods
6a4afac0d0 remove ability for htmlblock to allow paragraph after if it closes on the same line 2017-06-22 00:02:03 +01:00
Daniel Berthereau
129f807e32 Inverted checks of consistency for markdown following markups. 2017-06-22 00:00:00 +02:00
Daniel Berthereau
be963a6531 Added tests for consistency when a markdown follows a markup without blank line. 2017-06-19 00:00:00 +02:00
Emanuil Rusev
728952b90a Merge pull request #499 from aidantwoods/fix/hhvm 
Fix hhvm build failure
1.6.3 		2017-05-14 17:47:48 +03:00
Aidan Woods
c82af01bd6 add sudo false 2017-05-14 14:39:09 +01:00
Aidan Woods
67c3efbea0 according to https://tools.ietf.org/html/rfc3986#section-3 the colon is a required part of the syntax, other methods of achieving the colon character (as to browser interpretation) should be taken care of by htmlencoding that is done on all attribute content 2017-05-10 16:57:18 +01:00
Emanuil Rusev
593ffd45a3 Merge pull request #406 from adrilo/patch-1 
Create .gitattributes
 2017-05-10 12:28:53 +03:00
Aidan Woods
bbb7687f31 safeMode will either apply all sanitisation techniques to an element or none (note that encoding HTML entities is done regardless because it speaks to character context, and that the only attributes/elements we should permit are the ones we actually mean to create) 2017-05-09 19:31:36 +01:00
Aidan Woods
b1e5aebaf6 add single safeMode option that encompasses protection from link destination xss and plain markup based xss into a single on/off switch 2017-05-09 19:22:58 +01:00
Aidan Woods
c63b690a79 remove duplicates 2017-05-09 14:50:15 +01:00
Aidan Woods
226f636360 remove $safe flag 2017-05-07 13:45:59 +01:00
Aidan Woods
2e4afde68d faster check substr at beginning of string 2017-05-06 16:32:51 +01:00
Aidan Woods
dc30cb441c add more protocols to the whitelist 2017-05-05 21:32:27 +01:00
Emanuil Rusev
f76b10aaab update readme 2017-05-04 10:28:55 +03:00
Aidan Woods
054ba3c487 urlencode urls that are potentially unsafe: 
this should break urls that attempt to include a protocol, or port (these are absolute URLs and should have a whitelisted protocol for use)
but URLs that are relative, or relative from the site root should be preserved (though characters non essential for the URL structure may be urlencoded)

this approach has significant advantages over attempting to locate something like `javascript:alert(1)` or `javascript:alert(1)` (which are both valid) because browsers have been known to ignore ridiculous characters when encountered (meaning something like `jav\ta\0\0script:alert(1)` would be xss :( ). Instead of trying to chase down a way to interpret a URL to decide whether there is a protocol, this approach ensures that two essential characters needed to achieve a colon are encoded `:` (obviously) and `;` (from `:`). If these characters appear in a relative URL then they are equivalent to their URL encoded form and so this change will be non breaking for that case.
 2017-05-03 17:01:27 +01:00
Aidan Woods
4bae1c9834 whitelist regex for good attribute (no 
no chars that could form a delimiter allowed
 2017-05-03 00:39:01 +01:00
Aidan Woods
aee3963e6b jpeg, not jpg 2017-05-02 19:55:03 +01:00
Aidan Woods
4dc98b635d whitelist changes: 
* add gif and jpg as allowed data images
* ensure that user controlled content fall only in the "data section" of the data URI (and does not intersect content-type definition in any way (best to be safe than sorry ;-)))
  "data section" as defined in: https://tools.ietf.org/html/rfc2397#section-3
 2017-05-02 19:48:25 +01:00
Aidan Woods
e4bb12329e array_keys is probably faster 2017-05-02 01:32:24 +01:00
Aidan Woods
6d0156d707 dump attributes that contain characters that are impossible for validity, or very unlikely 2017-05-02 00:48:48 +01:00
Emanuil Rusev
29ad172261 Merge pull request #496 from aidantwoods/fix/ditch-hhvm-nightly 
replace hhvm nightly with nightly
 2017-05-01 19:35:36 +03:00
Aidan Woods
131ba75851 filter onevent attributes 2017-05-01 15:44:04 +01:00