Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.

* Added `CMARK_OPT_SAFE`.  This option disables rendering of raw HTML
  and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
  links if `CMARK_OPT_SAFE`.  Dangerous URLs are those that begin
  with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
  `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.

1 files changed, 3 insertions, 0 deletions

diff --git a/src/main.c b/src/main.c
index 26e42ca..7fae7e4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -28,6 +28,7 @@ void print_usage()
 	printf("  --width WIDTH    Specify wrap width (default 0 = nowrap)\n");
 	printf("  --sourcepos      Include source position attribute\n");
 	printf("  --hardbreaks     Treat newlines as hard line breaks\n");
+	printf("  --safe           Suppress raw HTML and dangerous URLs\n");
 	printf("  --smart          Use smart punctuation\n");
 	printf("  --normalize      Consolidate adjacent text nodes\n");
 	printf("  --help, -h       Print usage information\n");
@@ -93,6 +94,8 @@ int main(int argc, char *argv[])
 			options |= CMARK_OPT_HARDBREAKS;
 		} else if (strcmp(argv[i], "--smart") == 0) {
 			options |= CMARK_OPT_SMART;
+		} else if (strcmp(argv[i], "--safe") == 0) {
+			options |= CMARK_OPT_SAFE;
 		} else if (strcmp(argv[i], "--normalize") == 0) {
 			options |= CMARK_OPT_NORMALIZE;
 		} else if (strcmp(argv[i], "--validate-utf8") == 0) {