codewalker/marked
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity
1,329 Commits 1 Branch 191 Tags
Commit Graph

523 Commits

Author SHA1 Message Date
Rich Trott
a3cddeeae6 fix gfm extended autolinking requiring multiple backpedals 
Add a test and fix that trailing punctuation is omitted in link URLs for
markdown like this:

    (See https://www.example.com/fhqwhgads.)

The trailing period and closing parenthesis should not be part of the
link URL.
 2018-06-22 13:51:48 -07:00
Steven
05e322c69b
Merge pull request #1262 from UziTech/table-cells 
Fix table cells
 2018-06-12 11:49:29 -04:00
Tony Brix
898f61294d add comments for clarity 2018-06-04 15:23:55 -05:00
Steven
37a9f1f742
Merge pull request #1260 from davisjam/Rtrim 
security: use rtrim, not unsafe /X+$/
 2018-06-03 15:26:46 -04:00
Jamie Davis
0610f9f9a4 remove unnecessary if check 2018-06-02 14:12:17 -04:00
Jamie Davis
2e05c777ac address review comments 2018-06-02 01:24:55 -04:00
Steven
0bc2fc5b6d
Merge pull request #1265 from remyrylan/master 
CommonMark code block class names
 2018-05-11 13:29:38 -04:00
Remy Rylan
6ab2593530 Remove extra inner linebreak from code blocks 2018-05-11 11:20:29 -04:00
Remy Rylan
7b1d0be249 Update fenced code blocks to CommonMark standard 2018-05-11 11:12:12 -04:00
Tony Brix
2c17a5a1ec test pass 2018-05-09 16:27:30 -05:00
Jamie Davis
7e5a72703d security: rtrim, not unsafe /X+$/ idiom 
Problem:
replace(/X+$/, '') is vulnerable to REDOS

Solution:
Replace all instances I could find with a custom rtrim
 2018-05-09 11:07:20 -04:00
Steven
42c3915242
Merge pull request #1250 from tomtheisen/gfm-tasks 
GFM compliance for tasks lists
 2018-05-08 11:26:46 -04:00
Tom Theisen
b083a1a307 space following task checkbox 2018-05-03 19:52:57 -07:00
Tom Theisen
aa73bb6ea7 add space to task regex and disable xhtml for gfm testing 2018-05-03 19:51:31 -07:00
Tom Theisen
7482990131 GFM compliance for tasks 2018-05-02 20:17:13 -07:00
Tony Brix
9d5ecbe565 fix paragraph 2018-05-02 12:05:36 -05:00
Tony Brix
ee463d4267 add back q mark 2018-05-02 08:41:30 -05:00
Tom Theisen
b78deebfcf lint 2018-04-30 20:11:43 -07:00
Tom Theisen
be922cecdd GFM table compliance 2018-04-30 20:11:01 -07:00
Tom Theisen
e4973edfed lint 2018-04-24 21:20:10 -07:00
Tom Theisen
bbdf191931 handle escaped pipes in gfm tables 2018-04-24 21:19:14 -07:00
Tony Brix
6869998638 set title to empty string 2018-04-17 13:27:18 -05:00
Tony Brix
5aed7249b1 remove () around pedantic title 2018-04-17 09:43:47 -05:00
Tony Brix
5bc83ea8a6 fix href < 2018-04-16 22:16:36 -05:00
Tony Brix
4b7cfbe8f2 remove unnecessary trim 2018-04-16 22:05:02 -05:00
Tony Brix
090debd9b4 move processing 2018-04-16 21:51:28 -05:00
Jamie Davis
5ab4ae3649 security: replace vulnerable regex with parser (#1223) 
* security: replace vulnerable regex with parser

Problem: link regex was vulnerable
Solution: dedicated parser

Fixes: #1222
 2018-04-16 20:21:12 -04:00
Jamie Davis
f052a2c04e security: fix unsafe heading regex 
Problem:
REDOS could be triggered through exploitation of the 'heading' regex.

Solution:
Refactor regex. It matches the same language as before but
is less vulnerable to REDOS.
It is now safe using the bounds suggested by those disclosing it.
It remains super-linear but a successful exploit requires
a much longer attack string.

Fixes:
Issue disclosed privately.

Credit:
This issue was pointed out by
Nick Starke and Adam Cazzolla of Sonatype Security research.
 2018-04-15 22:20:15 -04:00
Tony Brix
4e52c427c6 Merge branch 'master' into pr/1135 2018-04-10 10:10:29 -05:00
Tony Brix
17b231d484 return defaults 2018-04-10 08:28:40 -05:00
Tony Brix
b858452c9c use getDefaults 2018-04-10 07:53:59 -05:00
Tony Brix
ae8f612de5 add marked.origDefaults 2018-04-09 23:19:04 -05:00
Federico Soave
bc7c9dbfb3 do not allow newlines inside html attributes, make cm test 60 pass 2018-04-10 01:16:14 +02:00
Federico Soave
b738cd649c Merge remote-tracking branch 'markedjs/master' into cm_links 2018-04-09 20:43:54 +02:00
Tony Brix
81e01d4faf add more edge cases 2018-04-05 09:34:03 -05:00
Tony Brix
60c2dc4f2c fix inline.em 2018-04-05 09:34:02 -05:00
Tony Brix
a19e2b631a
use default options in Renderer by default 2018-04-04 14:30:42 -05:00
Josh Bruce
8804676f98 Disable heading IDs (#1190) 
* Add option to disable heading ids
* Alphabetize and add options to docs
 2018-04-03 15:10:26 -04:00
Paul Roub
f69a82f7bc Remove redundant cast 2018-03-21 09:23:13 -04:00
Paul Roub
697af11e53 Added integration tests for explicitly-initialized ordered lists. 
Fixed a bug in the initial implementation of ordered-list
initialization.

Add a simpler unit test around starting-from-zero.
 2018-03-20 17:03:11 -04:00
Paul Roub
6b4f2ffa10 Start ordered lists using the initial numbers from markdown lists 
Adds tests for list creation and continuation when starting with a
number other than 1.

Emits 'start' attribute only when necessary; simple cases behave as
always.
 2018-03-15 12:56:59 -04:00
Federico Soave
9cb1900de7 fix backtracking vulnerability in block.pedantic.html as in #1083 2018-03-08 20:55:35 +01:00
Federico Soave
680a6c3c32 Merge remote-tracking branch 'markedjs/master' into cm_links 2018-03-08 19:36:17 +01:00
Federico Soave
c398550341 do not allow control characters in link destinations, per commonmark 2018-03-06 04:37:02 +01:00
Federico Soave
f7d4d21c0f update the list of markdown escapes, per commonmark 2018-03-06 04:35:01 +01:00
Federico Soave
209dff15ef add collapsed reference [links][] = [links][links] 2018-03-06 04:00:14 +01:00
Federico Soave
8594a066bb link labels must have at least one non-whitespace character 2018-03-06 03:54:19 +01:00
Federico Soave
f584acaaee do not process escapes in link labels 2018-03-06 03:48:31 +01:00
Federico Soave
b9394a0ec8 BREAKING CHANGE: space is no longer allowed between [link text] and [link label] in reference links. 
The old behavior is now available in the pedantic mode.
To comply with commonmark: http://spec.commonmark.org/0.28/#example-514
 2018-03-06 03:36:34 +01:00
Federico Soave
22b06cc36b perform space normalization when storing link reference labels 2018-03-06 03:20:28 +01:00