524 Commits

Author SHA1 Message Date
Antoine du Hamel
47cf2b2cf2
add hard line break when backslash at EOL
A backslash at the end of the line is a hard line break.

Ref: https://spec.commonmark.org/0.28/#example-293
2018-07-03 10:43:21 +02:00
Rich Trott
04e04b10d4 fix issues link references and prototypes
Links with names that clashed with properties inherited from the
Object prototype (such as "constructor") were not expanding. This fixes
this issue.

Before this change, markdown of this form...:

    Link: [constructor][].

    [constructor]: https://example.org/

...resulted in HTML output of this form:

    <p>Link: [constructor][].</p>

With this change, it now renders as expected:

    <p>Link: <a href="https://example.org/">constructor</a>.</p>
2018-06-28 13:41:43 -07:00
Steven
05e322c69b
Merge pull request #1262 from UziTech/table-cells
Fix table cells
2018-06-12 11:49:29 -04:00
Tony Brix
898f61294d add comments for clarity 2018-06-04 15:23:55 -05:00
Steven
37a9f1f742
Merge pull request #1260 from davisjam/Rtrim
security: use rtrim, not unsafe /X+$/
2018-06-03 15:26:46 -04:00
Jamie Davis
0610f9f9a4 remove unnecessary if check 2018-06-02 14:12:17 -04:00
Jamie Davis
2e05c777ac address review comments 2018-06-02 01:24:55 -04:00
Steven
0bc2fc5b6d
Merge pull request #1265 from remyrylan/master
CommonMark code block class names
2018-05-11 13:29:38 -04:00
Remy Rylan
6ab2593530 Remove extra inner linebreak from code blocks 2018-05-11 11:20:29 -04:00
Remy Rylan
7b1d0be249 Update fenced code blocks to CommonMark standard 2018-05-11 11:12:12 -04:00
Tony Brix
2c17a5a1ec test pass 2018-05-09 16:27:30 -05:00
Jamie Davis
7e5a72703d security: rtrim, not unsafe /X+$/ idiom
Problem:
replace(/X+$/, '') is vulnerable to REDOS

Solution:
Replace all instances I could find with a custom rtrim
2018-05-09 11:07:20 -04:00
Steven
42c3915242
Merge pull request #1250 from tomtheisen/gfm-tasks
GFM compliance for tasks lists
2018-05-08 11:26:46 -04:00
Tom Theisen
b083a1a307 space following task checkbox 2018-05-03 19:52:57 -07:00
Tom Theisen
aa73bb6ea7 add space to task regex and disable xhtml for gfm testing 2018-05-03 19:51:31 -07:00
Tom Theisen
7482990131 GFM compliance for tasks 2018-05-02 20:17:13 -07:00
Tony Brix
9d5ecbe565 fix paragraph 2018-05-02 12:05:36 -05:00
Tony Brix
ee463d4267 add back q mark 2018-05-02 08:41:30 -05:00
Tom Theisen
b78deebfcf lint 2018-04-30 20:11:43 -07:00
Tom Theisen
be922cecdd GFM table compliance 2018-04-30 20:11:01 -07:00
Tom Theisen
e4973edfed lint 2018-04-24 21:20:10 -07:00
Tom Theisen
bbdf191931 handle escaped pipes in gfm tables 2018-04-24 21:19:14 -07:00
Tony Brix
6869998638 set title to empty string 2018-04-17 13:27:18 -05:00
Tony Brix
5aed7249b1 remove () around pedantic title 2018-04-17 09:43:47 -05:00
Tony Brix
5bc83ea8a6 fix href < 2018-04-16 22:16:36 -05:00
Tony Brix
4b7cfbe8f2 remove unnecessary trim 2018-04-16 22:05:02 -05:00
Tony Brix
090debd9b4 move processing 2018-04-16 21:51:28 -05:00
Jamie Davis
5ab4ae3649 security: replace vulnerable regex with parser (#1223)
* security: replace vulnerable regex with parser

Problem: link regex was vulnerable
Solution: dedicated parser

Fixes: #1222
2018-04-16 20:21:12 -04:00
Jamie Davis
f052a2c04e security: fix unsafe heading regex
Problem:
REDOS could be triggered through exploitation of the 'heading' regex.

Solution:
Refactor regex. It matches the same language as before but
is less vulnerable to REDOS.
It is now safe using the bounds suggested by those disclosing it.
It remains super-linear but a successful exploit requires
a much longer attack string.

Fixes:
Issue disclosed privately.

Credit:
This issue was pointed out by
Nick Starke and Adam Cazzolla of Sonatype Security research.
2018-04-15 22:20:15 -04:00
Tony Brix
4e52c427c6 Merge branch 'master' into pr/1135 2018-04-10 10:10:29 -05:00
Tony Brix
17b231d484 return defaults 2018-04-10 08:28:40 -05:00
Tony Brix
b858452c9c use getDefaults 2018-04-10 07:53:59 -05:00
Tony Brix
ae8f612de5 add marked.origDefaults 2018-04-09 23:19:04 -05:00
Federico Soave
bc7c9dbfb3 do not allow newlines inside html attributes, make cm test 60 pass 2018-04-10 01:16:14 +02:00
Federico Soave
b738cd649c Merge remote-tracking branch 'markedjs/master' into cm_links 2018-04-09 20:43:54 +02:00
Tony Brix
81e01d4faf add more edge cases 2018-04-05 09:34:03 -05:00
Tony Brix
60c2dc4f2c fix inline.em 2018-04-05 09:34:02 -05:00
Tony Brix
a19e2b631a
use default options in Renderer by default 2018-04-04 14:30:42 -05:00
Josh Bruce
8804676f98 Disable heading IDs (#1190)
* Add option to disable heading ids
* Alphabetize and add options to docs
2018-04-03 15:10:26 -04:00
Paul Roub
f69a82f7bc Remove redundant cast 2018-03-21 09:23:13 -04:00
Paul Roub
697af11e53 Added integration tests for explicitly-initialized ordered lists.
Fixed a bug in the initial implementation of ordered-list
initialization.

Add a simpler unit test around starting-from-zero.
2018-03-20 17:03:11 -04:00
Paul Roub
6b4f2ffa10 Start ordered lists using the initial numbers from markdown lists
Adds tests for list creation and continuation when starting with a
number other than 1.

Emits 'start' attribute only when necessary; simple cases behave as
always.
2018-03-15 12:56:59 -04:00
Federico Soave
9cb1900de7 fix backtracking vulnerability in block.pedantic.html as in #1083 2018-03-08 20:55:35 +01:00
Federico Soave
680a6c3c32 Merge remote-tracking branch 'markedjs/master' into cm_links 2018-03-08 19:36:17 +01:00
Federico Soave
c398550341 do not allow control characters in link destinations, per commonmark 2018-03-06 04:37:02 +01:00
Federico Soave
f7d4d21c0f update the list of markdown escapes, per commonmark 2018-03-06 04:35:01 +01:00
Federico Soave
209dff15ef add collapsed reference [links][] = [links][links] 2018-03-06 04:00:14 +01:00
Federico Soave
8594a066bb link labels must have at least one non-whitespace character 2018-03-06 03:54:19 +01:00
Federico Soave
f584acaaee do not process escapes in link labels 2018-03-06 03:48:31 +01:00
Federico Soave
b9394a0ec8 BREAKING CHANGE: space is no longer allowed between [link text] and [link label] in reference links.
The old behavior is now available in the pedantic mode.
To comply with commonmark: http://spec.commonmark.org/0.28/#example-514
2018-03-06 03:36:34 +01:00