summaryrefslogtreecommitdiff
path: root/man/man3
diff options
context:
space:
mode:
authorJohn MacFarlane <jgm@berkeley.edu>2015-07-13 09:21:35 -0700
committerJohn MacFarlane <jgm@berkeley.edu>2015-07-13 10:15:55 -0700
commitac39623d667999cfae1444b46508a9a423b0df1b (patch)
tree40579cea4365b373fdc2831c2e43c2288671d028 /man/man3
parent6dcd2beafdfbc9f694916bcdfa822b896aa44177 (diff)
Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.
* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security.
Diffstat (limited to 'man/man3')
-rw-r--r--man/man3/cmark.318
1 files changed, 17 insertions, 1 deletions
diff --git a/man/man3/cmark.3 b/man/man3/cmark.3
index 288fadc..1359fcc 100644
--- a/man/man3/cmark.3
+++ b/man/man3/cmark.3
@@ -1,4 +1,4 @@
-.TH cmark 3 "July 12, 2015" "LOCAL" "Library Functions Manual"
+.TH cmark 3 "July 13, 2015" "LOCAL" "Library Functions Manual"
.SH
NAME
.PP
@@ -569,6 +569,22 @@ dashes.
Validate UTF\-8 in the input before parsing, replacing illegal sequences
with the replacement character U+FFFD.
+.PP
+.nf
+\fC
+.RS 0n
+#define CMARK_OPT_SAFE 32
+.RE
+\f[]
+.fi
+
+.PP
+Suppress raw HTML and unsafe links (\f[C]javascript:\f[],
+\f[C]vbscript:\f[], \f[C]file:\f[], and \f[C]data:\f[], except for
+\f[C]image/png\f[], \f[C]image/gif\f[], \f[C]image/jpeg\f[], or
+\f[C]image/webp\f[] mime types). Raw HTML is replaced by a placeholder
+HTML comment. Unsafe links are replaced by empty strings.
+
.SS
Version information