-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HtmlEscaping and SafeLinks #181
Conversation
Changed my mind about the test cases since there were some small issues. Now everything should work as intended. |
…the specific methods instead.
Hopefully last change, initially thought that removing the indentifiers from the types array would be better for performance but then figured out it might be huge pain to extend so moved the blocks into identify methods instead, feels much better now. Cheers :) |
I apologise for neglecting this for so long. I was wondering if you saw the p.s. You can test the option at http://parsedown.org/demo?set[MarkupEscaped]=1 |
Yes that is why I closed the request :) tho it doesnt add "safelinks" and I didnt see escaping of html comments which can be used for xss attacks in internet explorer but my pull request is outdated anyway so would have to remake it anyway :P |
Thanks! I'd appreciate a pull request that addresses the escaping of comments. It should be as simple as possible, though and strictly focused on the issue it resolves. As to "safelinks", I'd love to discuss these in a separate issue. |
Hello, I just started using parsedown in my project and love it very much! But since I needed html escaping I made some modifications that I use at the moment. I know that this is already discussed in issue list and possibly being already worked on but I want to share my code just in case it might come in handy.
I tried to stay as much in style of parsedown code as I could.
Also I am sorry that I am not providing test cases for this, but I never worked with any tests and would possibly do it wrong.
I did quite bit of testing with various markdown texts and all seem to work properly and by trying to understand the parsedown code, I don't see a reason why this method of escaping should break the intended features of markdown.