Age | Commit message (Collapse) | Author | Files | Lines |
|
Resolves Issue #69.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1279 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
and images, and in HTML href and src attributes. If the URI scheme
is not on a whitelist of safe schemes, it is rejected. The main point
is to prevent cross-site scripting attacks using 'javascript:' URIs.
See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html
and http://ha.ckers.org/xss.html. Resolves Issue #62.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Do not use codeBlockDelimited in strict mode.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1211 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1209 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
to contain more tildes than beginning line.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1206 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1205 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1204 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1203 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1199 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1181 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
(A '*' is only recognized as the end of the emphasis if it's not the beginning
of a strong emphasis.)
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1172 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1171 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
When this option is specified (--sanitize-html on the command line),
unsafe HTML tags will be replaced by HTML comments, and unsafe HTML
attributes will be removed. This option should be especially useful
for those who want to use pandoc libraries in web applications, where
users will provide the input.
+ Main.hs: Added --sanitize-html option.
+ Text.Pandoc.Shared: Added stateSanitizeHTML to ParserState.
+ Text.Pandoc.Readers.HTML:
- Added whitelists of sanitaryTags and sanitaryAttributes.
- Added parsers to check these lists (and state) to see if a given
tag or attribute should be counted unsafe.
- Modified anyHtmlTag and anyHtmlEndTag to replace unsafe tags
with comments.
- Modified htmlAttribute to remove unsafe attributes.
- Modified htmlScript and htmlStyle to remove these elements if
unsafe.
- Modified rawHtmlBlock to use anyHtmlBlockTag instead of anyHtmlTag
and anyHtmlEndTag. This fixes a bug in markdown parsing, where
inline tags would be included in raw HTML blocks.
- Modified anyHtmlBlockTag to test for (not inline) rather than
directly for block. This allows us to handle e.g. docbook in
the markdown reader.
- Minor tweaks in nonTitleNonHead and parseTitle.
+ Text.Pandoc.Readers.Markdown:
- In non-strict mode use rawHtmlBlocks instead of htmlBlock.
Simplified htmlBlock, since we know it's only called in strict
mode.
+ Modified README and man pages to document new option.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1166 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
could cause it to be parsed as a paragraph. (The problem is that
the HTML parser used to eat all blank space after an HTML block,
including the indentation of the code block.) Resolves Issue #39.
+ In Text.Pandoc.Readers.HTML, removed parsing of following space
from rawHtmlBlock.
+ In Text.Pandoc.Readers.Markdown, modified rawHtmlBlocks so that
indentation is eaten *only* on the first line after the HTML
block. This means that in
<div>
foo
<div>
the foo won't be treated as a code block, but in
<div>
foo
</div>
it will. This seems the right approach for least suprise.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1164 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
instead of using failIfStrict in block parsers. Use a different
ordering of parsers in strict mode: raw HTML block before paragraph.
This recovers performance that was lost in strict mode with r1154.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1157 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ source parser first tries to parse URL with balanced parentheses;
if that doesn't work, it tries to parse everything beginning with
'(' and ending with ')'.
+ source parser now uses an auxiliary function source'.
+ linkTitle parser simplified and improved, under assumption that it
will be called in context of source'.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1156 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ Replaced inlinesInBalanced with inlinesInBalancedBrackets, which instead
of hard-coding the inline parser takes an inline parser as a parameter.
+ Modified reference and inlineNote to use inlinesInBalancedBrackets.
+ Removed unneeded inlineString function.
+ Added inlineNonLink parser, which is now used in the definition of
reference.
+ Added inlineParsers list and redefined inline and inlineNonLink parsers
in terms of it.
+ Added failIfLink parser.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1155 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Tags that can be either block or inline (e.g. <ins>) should be treated
as block when appropriate and as inline when appropriate. Thus, for
example,
<ins>hi</ins>
should be treated as a paragraph with inline <ins> tags, while
<ins>
hi
</ins>
should be treated as a paragraph within <ins> tags.
+ Moved htmlBlock after para in list of block parsers. This ensures
that tags that can be either block or inline get parsed as inline
when appropriate.
+ Modified rawHtmlInline' so that block elements aren't treated as inline.
+ Modified para parser so that paragraphs containing only HTML tags and
blank space are not allowed. Treat these as raw HTML blocks instead.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1154 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
So, for example, [my](/url\(1\)) yields a link to /url(1). Resolves Issue #34.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1151 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Consolidated uri and email address parsers. (Resolves Issue #37.)
+ New emailAddress and uri parsers in Text.Pandoc.Shared.
uri parser uses parseURI from Network.URI. emailAddress
parser properly handles email addresses with periods in them.
+ Removed uri and emailAddress parsers from Text.Pandoc.Readers.RST.
+ Removed uri and emailAddress parsers from Text.Pandoc.Readers.Markdown.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1149 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
This adds unneeded complexity and makes pandoc diverge further
than necessary from other markdown extensions.
Brought documentation, tests, and debian/changelog up to date.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1141 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1115 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1104 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
moving the contents of src/ to the top level, and should have
been deleted long ago.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1097 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ Added library Text.Pandoc.Include, with a template haskell
function $(includeStrFrom fname) to include a file as a string
constant at compile time.
+ This removes the need for the 'templates' directory or Makefile
target. These have been removed.
+ The base source directory has been changed from src to .
+ A new 'data' directory has been added, containing the ASCIIMathML.js
script, writer headers, and S5 files.
+ The src/wrappers directory has been moved to 'wrappers'.
+ The Text.Pandoc.ASCIIMathML library is no longer needed, since
Text.Pandoc.Writers.HTML can use includeStrFrom to include the
ASCIIMathML.js code directly. It has been removed.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1063 788f1e2b-df1e-0410-8736-df70ead52e1b
|