diff options
| author | John MacFarlane <jgm@berkeley.edu> | 2019-03-17 22:43:38 -0700 |
|---|---|---|
| committer | John MacFarlane <jgm@berkeley.edu> | 2019-03-17 22:43:38 -0700 |
| commit | 325a1471d2a32bcc1e2d2580b973ff4ba1df85e8 (patch) | |
| tree | 94c5f59aee2756009cbc87f8c65c73bca41a3b67 /src/html.c | |
| parent | ca8ef74a8d50fbd76fb0d22fb110e660ef9944a4 (diff) | |
Make rendering safe by default.
Removes CMARK_OPT_SAFE from options.
Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links. The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.
--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------
Closes #239, #273.
Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.
Diffstat (limited to 'src/html.c')
| -rw-r--r-- | src/html.c | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -170,7 +170,7 @@ static int S_render_node(cmark_node *node, cmark_event_type ev_type, case CMARK_NODE_HTML_BLOCK: cr(html); - if (options & CMARK_OPT_SAFE) { + if (!(options & CMARK_OPT_UNSAFE)) { cmark_strbuf_puts(html, "<!-- raw HTML omitted -->"); } else { cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len); @@ -242,7 +242,7 @@ static int S_render_node(cmark_node *node, cmark_event_type ev_type, break; case CMARK_NODE_HTML_INLINE: - if (options & CMARK_OPT_SAFE) { + if (!(options & CMARK_OPT_UNSAFE)) { cmark_strbuf_puts(html, "<!-- raw HTML omitted -->"); } else { cmark_strbuf_put(html, node->as.literal.data, node->as.literal.len); @@ -278,8 +278,8 @@ static int S_render_node(cmark_node *node, cmark_event_type ev_type, case CMARK_NODE_LINK: if (entering) { cmark_strbuf_puts(html, "<a href=\""); - if (!((options & CMARK_OPT_SAFE) && - scan_dangerous_url(&node->as.link.url, 0))) { + if ((options & CMARK_OPT_UNSAFE) || + !(scan_dangerous_url(&node->as.link.url, 0))) { houdini_escape_href(html, node->as.link.url.data, node->as.link.url.len); } @@ -296,8 +296,8 @@ static int S_render_node(cmark_node *node, cmark_event_type ev_type, case CMARK_NODE_IMAGE: if (entering) { cmark_strbuf_puts(html, "<img src=\""); - if (!((options & CMARK_OPT_SAFE) && - scan_dangerous_url(&node->as.link.url, 0))) { + if ((options & CMARK_OPT_UNSAFE) || + !(scan_dangerous_url(&node->as.link.url, 0))) { houdini_escape_href(html, node->as.link.url.data, node->as.link.url.len); } |