Merge pull request markedjs#976 from UziTech/v0.3.9
V0.3.9
joshbruce authored Dec 23, 2017
2 parents 0abd539 + a6105df commit 738911c
Showing 15 changed files with 157 additions and 51 deletions.
1 change: 0 additions & 1 deletion bower.json
@@ -1,6 +1,5 @@
{
"name": "marked",
"version": "0.3.4",
"homepage": "https://github.com/chjj/marked",
"authors": [
"Christopher Jeffrey <chjjeffrey@gmail.com>"
51 changes: 40 additions & 11 deletions lib/marked.js
Expand Up @@ -39,10 +39,6 @@ block.list = replace(block.list)
('def', '\\n+(?=' + block.def.source + ')')
();

block.blockquote = replace(block.blockquote)
('def', block.def)
();

block._tag = '(?!(?:'
+ 'a|em|strong|small|s|cite|q|dfn|abbr|data|time|code'
+ '|var|samp|kbd|sub|sup|i|b|u|mark|ruby|rt|rp|bdi|bdo'
Expand Down Expand Up @@ -457,7 +453,7 @@ var inline = {
nolink: /^!?\[((?:\[[^\]]*\]|[^\[\]])*)\]/,
strong: /^__([\s\S]+?)__(?!_)|^\*\*([\s\S]+?)\*\*(?!\*)/,
em: /^\b_((?:[^_]|__)+?)_\b|^\*((?:\*\*|[\s\S])+?)\*(?!\*)/,
code: /^(`+)\s*([\s\S]*?[^`])\s*\1(?!`)/,
code: /^(`+)([\s\S]*?[^`])\1(?!`)/,
br: /^ {2,}\n(?!\s*$)/,
del: noop,
text: /^[\s\S]+?(?=[\\<!\[_*`]| {2,}\n|$)/
Expand Down Expand Up @@ -578,9 +574,11 @@ InlineLexer.prototype.output = function(src) {
if (cap = this.rules.autolink.exec(src)) {
src = src.substring(cap[0].length);
if (cap[2] === '@') {
text = cap[1].charAt(6) === ':'
text = escape(
cap[1].charAt(6) === ':'
? this.mangle(cap[1].substring(7))
: this.mangle(cap[1]);
: this.mangle(cap[1])
);
href = this.mangle('mailto:') + text;
} else {
text = escape(cap[1]);
Expand Down Expand Up @@ -661,7 +659,7 @@ InlineLexer.prototype.output = function(src) {
// code
if (cap = this.rules.code.exec(src)) {
src = src.substring(cap[0].length);
out += this.renderer.codespan(escape(cap[2], true));
out += this.renderer.codespan(escape(cap[2].trim(), true));
continue;
}

Expand Down Expand Up @@ -879,6 +877,9 @@ Renderer.prototype.link = function(href, title, text) {
return '';
}
}
if (this.options.baseUrl && !originIndependentUrl.test(href)) {
href = resolveUrl(this.options.baseUrl, href);
}
var out = '<a href="' + href + '"';
if (title) {
out += ' title="' + title + '"';
Expand All @@ -888,6 +889,9 @@ Renderer.prototype.link = function(href, title, text) {
};

Renderer.prototype.image = function(href, title, text) {
if (this.options.baseUrl && !originIndependentUrl.test(href)) {
href = resolveUrl(this.options.baseUrl, href);
}
var out = '<img src="' + href + '" alt="' + text + '"';
if (title) {
out += ' title="' + title + '"';
Expand Down Expand Up @@ -1094,8 +1098,8 @@ function escape(html, encode) {
}

function unescape(html) {
// explicitly match decimal, hex, and named HTML entities
return html.replace(/&(#(?:\d+)|(?:#x[0-9A-Fa-f]+)|(?:\w+));?/g, function(_, n) {
// explicitly match decimal, hex, and named HTML entities
return html.replace(/&(#(?:\d+)|(?:#x[0-9A-Fa-f]+)|(?:\w+));?/ig, function(_, n) {
n = n.toLowerCase();
if (n === 'colon') return ':';
if (n.charAt(0) === '#') {
Expand All @@ -1119,6 +1123,30 @@ function replace(regex, opt) {
};
}

function resolveUrl(base, href) {
if (!baseUrls[' ' + base]) {
// we can ignore everything in base after the last slash of its path component,
// but we might need to add _that_
// https://tools.ietf.org/html/rfc3986#section-3
if (/^[^:]+:\/*[^/]*$/.test(base)) {
baseUrls[' ' + base] = base + '/';
} else {
baseUrls[' ' + base] = base.replace(/[^/]*$/, '');
}
}
base = baseUrls[' ' + base];

if (href.slice(0, 2) === '//') {
return base.replace(/:[^]*/, ':') + href;
} else if (href.charAt(0) === '/') {
return base.replace(/(:\/*[^/]*)[^]*/, '$1') + href;
} else {
return base + href;
}
}
baseUrls = {};
originIndependentUrl = /^$|^[a-z][a-z0-9+.-]*:|^[?#]/i;

function noop() {}
noop.exec = noop;

Expand Down Expand Up @@ -1253,7 +1281,8 @@ marked.defaults = {
smartypants: false,
headerPrefix: '',
renderer: new Renderer,
xhtml: false
xhtml: false,
baseUrl: null
};

/**
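Review bot: `baseUrls` and `originIndependentUrl`, assigned right after `resolveUrl`, are created without a declaration, so they become properties of the global object where any other script can overwrite them, and the assignments throw a ReferenceError wherever this file is evaluated as strict code (an ES module, or a bundle that prepends 'use strict'). Declare them: `var baseUrls = {};` and `var originIndependentUrl = /^$|^[a-z][a-z0-9+.-]*:|^[?#]/i;`. Separately, in `Renderer.prototype.link` and `Renderer.prototype.image` the string returned by `resolveUrl` is concatenated into the `href`/`src` attribute as is, so `options.baseUrl` reaches the output unescaped; that is safe only while `baseUrl` is set by the embedding application and never taken from request or document data, which is worth stating where the option is documented. Both renderer functions and the `marked.defaults` object continue outside the visible hunks.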
2 changes: 1 addition & 1 deletion marked.min.js

Large diffs are not rendered by default.

10 changes: 5 additions & 5 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -2,7 +2,7 @@
"name": "marked",
"description": "A markdown parser built for speed",
"author": "Christopher Jeffrey",
"version": "0.3.7",
"version": "0.3.9",
"main": "./lib/marked.js",
"bin": "./bin/marked",
"man": "./man/marked.1",
5 changes: 4 additions & 1 deletion test/index.js
Expand Up @@ -101,7 +101,10 @@ main:
});
flags.forEach(function(key) {
var val = true;
if (key.indexOf('no') === 0) {
if(key.indexOf('=') !== -1) {
val = decodeURIComponent(key.substring(key.indexOf('=') + 1));
key = key.substring(0, key.indexOf('='));
} else if (key.indexOf('no') === 0) {
key = key.substring(2);
val = false;
}
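Review bot: The new `key=value` branch in the `flags.forEach` callback has no comment saying that the text after `=` is URI-decoded and used as the option value, which anyone adding a flagged test needs to know. A comment above the `if` such as `// "name=value" flags set option name to the URI-decoded value` would cover it. `decodeURIComponent` throws a URIError on a malformed percent sequence, and nothing visible in the hunk catches it, so a badly encoded flag would propagate out of the loop; that is presumably acceptable in a test harness but belongs in the same comment. The enclosing function starts and ends outside this hunk.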
4 changes: 3 additions & 1 deletion test/tests/def_blocks.html
Expand Up @@ -6,7 +6,8 @@
<hr>

<blockquote>
<p>hello</p>
<p>hello
[2]: hello</p>
</blockquote>


Expand All @@ -24,5 +25,6 @@
<blockquote>
<p>foo
bar
[1]: foo
bar</p>
</blockquote>
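--- /dev/null
+++ b/test/tests/mangle_xss.sanatize.nomangle.html
@@ -0,0 +1,3 @@
+<p><a href="mailto:&lt;svg/onload=&quot;alert(1)&quot;//@x">&lt;svg/onload=&quot;alert(1)&quot;//@x</a></p>
+
+<p><a href="mailto:bar&quot;onclick=&quot;alert(&#39;XSS&#39;)&quot;@foo">bar&quot;onclick=&quot;alert(&#39;XSS&#39;)&quot;@foo</a></p>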
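Review bot: The fixture name spells the flag `sanatize`, while the other new fixture in this commit is `uppercase_hex.sanitize`. If the harness turns file-name segments into option keys, as the `flags.forEach` loop in test/index.js suggests, this test sets an option named `sanatize` that the library presumably never reads and so runs with `sanitize` off. The expected output still exercises the new `escape()` call on the mailto autolink, so the test is not void, but the name claims sanitize-mode coverage that it may not have. Renaming to `mangle_xss.sanitize.nomangle.html` would make the flag take effect; the same applies to the `.text` fixture that follows.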
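--- /dev/null
+++ b/test/tests/mangle_xss.sanatize.nomangle.text
@@ -0,0 +1,3 @@
+<<svg/onload="alert(1)"//@x>
+
+<bar"onclick="alert('XSS')"@foo>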
@@ -0,0 +1,35 @@
<h1 id="absolutization-of-rfc-3986-uris">Absolutization of RFC 3986 URIs</h1>

<h2 id="absolute-uri">Absolute URI</h2>

<p><a href="http://example.com/"><img src="http://example.com/logo" alt="section 4.3"></a></p>

<h2 id="network-path-reference">Network-path reference</h2>

<p><a href="http://example.com/"><img src="http://example.com/logo" alt="section 4.2"></a></p>

<h2 id="absolute-path">Absolute path</h2>

<p><a href="http://example.com/path/to/content"><img src="http://example.com/path/to/img" alt="section 4.2"></a></p>

<h2 id="relative-path">Relative path</h2>

<p><a href="http://example.com/base/content"><img src="http://example.com/base/img" alt="section 4.2"></a></p>

<h2 id="dot-relative-path">Dot-relative path</h2>

<p><a href="http://example.com/base/./content"><img src="http://example.com/base/./img" alt="section 3.3"></a></p>

<p><a href="http://example.com/base/../content"><img src="http://example.com/base/../img" alt="section 3.3"></a></p>

<h2 id="same-document-query">Same-document query</h2>

<p><a href="?"><img src="?type=image" alt="section 4.4"></a></p>

<h2 id="same-document-fragment">Same-document fragment</h2>

<p><a href="#"><img src="#img" alt="section 4.4"></a></p>

<h2 id="empty">Empty</h2>

<p><a href="">section 4.2</a></p>
@@ -0,0 +1,27 @@
# Absolutization of RFC 3986 URIs

## Absolute URI
[![section 4.3](http://example.com/logo)](http://example.com/)

## Network-path reference
[![section 4.2](//example.com/logo)](//example.com/)

## Absolute path
[![section 4.2](/path/to/img)](/path/to/content)

## Relative path
[![section 4.2](img)](content)

## Dot-relative path
[![section 3.3](./img)](./content)

[![section 3.3](../img)](../content)

## Same-document query
[![section 4.4](?type=image)](?)

## Same-document fragment
[![section 4.4](#img)](#)

## Empty
[section 4.2]()
30 changes: 15 additions & 15 deletions test/tests/toplevel_paragraphs.gfm.html
@@ -1,30 +1,30 @@
<p>hello world
how are you
how are you</p>
text after spaces
text after spaces</p>

<p>hello world</p>
<pre><code>how are you</code></pre>
<p>paragraph before code</p>
<pre><code>text inside block code</code></pre>

<p>hello world</p>
<p>paragraph before hr</p>
<hr>

<p>hello world</p>
<p>paragraph before head with hash</p>
<h1 id="how-are-you">how are you</h1>

<p>hello world</p>
<p>paragraph before head with equals</p>
<h1 id="how-are-you">how are you</h1>

<p>hello world</p>
<blockquote><p>how are you</p></blockquote>
<p>paragraph before blockquote</p>
<blockquote><p>text for blockquote</p></blockquote>

<p>hello world</p>
<ul><li>how are you</li></ul>
<p>paragraph before list</p>
<ul><li>text inside list</li></ul>

<p>hello world</p>
<div>how are you</div>
<p>paragraph before div</p>
<div>text inside div</div>

<p>hello world
<span>how are you</span></p>
<p>paragraph with span
<span>text inside span</span></p>

<p>hello <a href="/are/you">world</a>
</p>
31 changes: 16 additions & 15 deletions test/tests/toplevel_paragraphs.gfm.text
@@ -1,35 +1,36 @@
hello world
how are you
how are you
text after spaces
text after spaces

hello world
paragraph before code
```
how are you
text inside block code
```

hello world
paragraph before hr
* * *

hello world
paragraph before head with hash
# how are you

hello world
paragraph before head with equals
how are you
===========

hello world
> how are you
paragraph before blockquote
> text for blockquote

hello world
* how are you
paragraph before list
* text inside list

hello world
<div>how are you</div>
paragraph before div
<div>text inside div</div>

hello world
<span>how are you</span>
paragraph with span
<span>text inside span</span>

hello [world][how]

[how]: /are/you

<div>hello</div>
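--- /dev/null
+++ b/test/tests/uppercase_hex.sanitize.html
@@ -0,0 +1,2 @@
+<p>lowerlower
+upperupper</p>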
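--- /dev/null
+++ b/test/tests/uppercase_hex.sanitize.text
@@ -0,0 +1,2 @@
+lower[click me](javascript&#x3a;...)lower
+upper[click me](javascript&#X3a;...)upper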
