Age | Commit message (Collapse) | Author | Files | Lines |
|
and images, and in HTML href and src attributes. If the URI scheme
is not on a whitelist of safe schemes, it is rejected. The main point
is to prevent cross-site scripting attacks using 'javascript:' URIs.
See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html
and http://ha.ckers.org/xss.html. Resolves Issue #62.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Do not use codeBlockDelimited in strict mode.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1211 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1209 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
to contain more tildes than beginning line.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1206 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1205 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1204 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1203 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1199 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Added some try's in ordered list parsers.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1191 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1189 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1181 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
selected.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1178 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
The problem was that we were looking for inlines until a '<' character
signaled the start of the URL. So if you hit a reference-style link,
it would keep looking til the end of the document. Fix: change
inline => (notFollowedBy (char '`') >> inline). Note that this won't
allow code inlines in links, but these aren't allowed in resT anyway.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1175 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Allow nonquoted reference links to contain isolated '.', '-', '_', so
so that strings like 'a_b_' count as links.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1174 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
This is unnecessary now that link is above str in the definition of
'inline'.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1173 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
(A '*' is only recognized as the end of the emphasis if it's not the beginning
of a strong emphasis.)
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1172 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1171 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
When this option is specified (--sanitize-html on the command line),
unsafe HTML tags will be replaced by HTML comments, and unsafe HTML
attributes will be removed. This option should be especially useful
for those who want to use pandoc libraries in web applications, where
users will provide the input.
+ Main.hs: Added --sanitize-html option.
+ Text.Pandoc.Shared: Added stateSanitizeHTML to ParserState.
+ Text.Pandoc.Readers.HTML:
- Added whitelists of sanitaryTags and sanitaryAttributes.
- Added parsers to check these lists (and state) to see if a given
tag or attribute should be counted unsafe.
- Modified anyHtmlTag and anyHtmlEndTag to replace unsafe tags
with comments.
- Modified htmlAttribute to remove unsafe attributes.
- Modified htmlScript and htmlStyle to remove these elements if
unsafe.
- Modified rawHtmlBlock to use anyHtmlBlockTag instead of anyHtmlTag
and anyHtmlEndTag. This fixes a bug in markdown parsing, where
inline tags would be included in raw HTML blocks.
- Modified anyHtmlBlockTag to test for (not inline) rather than
directly for block. This allows us to handle e.g. docbook in
the markdown reader.
- Minor tweaks in nonTitleNonHead and parseTitle.
+ Text.Pandoc.Readers.Markdown:
- In non-strict mode use rawHtmlBlocks instead of htmlBlock.
Simplified htmlBlock, since we know it's only called in strict
mode.
+ Modified README and man pages to document new option.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1166 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
could cause it to be parsed as a paragraph. (The problem is that
the HTML parser used to eat all blank space after an HTML block,
including the indentation of the code block.) Resolves Issue #39.
+ In Text.Pandoc.Readers.HTML, removed parsing of following space
from rawHtmlBlock.
+ In Text.Pandoc.Readers.Markdown, modified rawHtmlBlocks so that
indentation is eaten *only* on the first line after the HTML
block. This means that in
<div>
foo
<div>
the foo won't be treated as a code block, but in
<div>
foo
</div>
it will. This seems the right approach for least suprise.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1164 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Contents of script tags were still being treated as markdown when
the script tags were parsed as inline. Fixed by moving "script"
from the list of tags that can be either block or inline to the
list of block tags.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1163 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Resolves Issue #40.
+ Added htmlStyle, analagous to htmlScript.
+ Use htmlStyle in htmlBlockElement and rawHtmlInline.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1162 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1161 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Updated LaTeX reader test to use --parse-raw.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1160 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
instead of using failIfStrict in block parsers. Use a different
ordering of parsers in strict mode: raw HTML block before paragraph.
This recovers performance that was lost in strict mode with r1154.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1157 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ source parser first tries to parse URL with balanced parentheses;
if that doesn't work, it tries to parse everything beginning with
'(' and ending with ')'.
+ source parser now uses an auxiliary function source'.
+ linkTitle parser simplified and improved, under assumption that it
will be called in context of source'.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1156 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ Replaced inlinesInBalanced with inlinesInBalancedBrackets, which instead
of hard-coding the inline parser takes an inline parser as a parameter.
+ Modified reference and inlineNote to use inlinesInBalancedBrackets.
+ Removed unneeded inlineString function.
+ Added inlineNonLink parser, which is now used in the definition of
reference.
+ Added inlineParsers list and redefined inline and inlineNonLink parsers
in terms of it.
+ Added failIfLink parser.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1155 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Tags that can be either block or inline (e.g. <ins>) should be treated
as block when appropriate and as inline when appropriate. Thus, for
example,
<ins>hi</ins>
should be treated as a paragraph with inline <ins> tags, while
<ins>
hi
</ins>
should be treated as a paragraph within <ins> tags.
+ Moved htmlBlock after para in list of block parsers. This ensures
that tags that can be either block or inline get parsed as inline
when appropriate.
+ Modified rawHtmlInline' so that block elements aren't treated as inline.
+ Modified para parser so that paragraphs containing only HTML tags and
blank space are not allowed. Treat these as raw HTML blocks instead.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1154 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1153 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
This allows these tags to be handled correctly in Markdown.
HTML reader now uses rawHtmlBlock', which excludes </html> and </body>,
since these are handled in parseHtml. (Resolves Issue #38.)
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1152 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
So, for example, [my](/url\(1\)) yields a link to /url(1). Resolves Issue #34.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1151 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
Consolidated uri and email address parsers. (Resolves Issue #37.)
+ New emailAddress and uri parsers in Text.Pandoc.Shared.
uri parser uses parseURI from Network.URI. emailAddress
parser properly handles email addresses with periods in them.
+ Removed uri and emailAddress parsers from Text.Pandoc.Readers.RST.
+ Removed uri and emailAddress parsers from Text.Pandoc.Readers.Markdown.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1149 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
This adds unneeded complexity and makes pandoc diverge further
than necessary from other markdown extensions.
Brought documentation, tests, and debian/changelog up to date.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1141 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ misc now parses anything but a '}' character
+ if there's a TeX parsing error, the string is included verbatim
and no error is issued.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1135 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1132 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ Text.Pandoc.Readers.TeXMath exports readTeXMath, which reads raw TeX
math and outputs a string of pandoc inlines that tries to render it
as far as possible, lapsing into literal TeX when needed.
+ Added Text.Pandoc.Readers.TeXMath to pandoc.cabal + ghc66 version.
+ Modified writers so that readTeXMath is used for default HTMl output
in HTML, S5, RTF, Docbook.
+ Updated README with information about how math is rendered in all formats.
+ Updated test suite.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1129 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1115 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1114 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1104 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
moving the contents of src/ to the top level, and should have
been deleted long ago.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1097 788f1e2b-df1e-0410-8736-df70ead52e1b
|
|
+ Added library Text.Pandoc.Include, with a template haskell
function $(includeStrFrom fname) to include a file as a string
constant at compile time.
+ This removes the need for the 'templates' directory or Makefile
target. These have been removed.
+ The base source directory has been changed from src to .
+ A new 'data' directory has been added, containing the ASCIIMathML.js
script, writer headers, and S5 files.
+ The src/wrappers directory has been moved to 'wrappers'.
+ The Text.Pandoc.ASCIIMathML library is no longer needed, since
Text.Pandoc.Writers.HTML can use includeStrFrom to include the
ASCIIMathML.js code directly. It has been removed.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1063 788f1e2b-df1e-0410-8736-df70ead52e1b
|