diff options
| author | John MacFarlane <jgm@berkeley.edu> | 2019-03-17 22:43:38 -0700 |
|---|---|---|
| committer | John MacFarlane <jgm@berkeley.edu> | 2019-03-17 22:43:38 -0700 |
| commit | 325a1471d2a32bcc1e2d2580b973ff4ba1df85e8 (patch) | |
| tree | 94c5f59aee2756009cbc87f8c65c73bca41a3b67 /test/cmark.py | |
| parent | ca8ef74a8d50fbd76fb0d22fb110e660ef9944a4 (diff) | |
Make rendering safe by default.
Removes CMARK_OPT_SAFE from options.
Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links. The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.
--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------
Closes #239, #273.
Borrows heavily from @kivikakk's patch in github/cmark-gfm#123.
Diffstat (limited to 'test/cmark.py')
| -rw-r--r-- | test/cmark.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/test/cmark.py b/test/cmark.py index 4be85a3..38d2f59 100644 --- a/test/cmark.py +++ b/test/cmark.py @@ -17,7 +17,8 @@ def to_html(lib, text): markdown.argtypes = [c_char_p, c_size_t, c_int] textbytes = text.encode('utf-8') textlen = len(textbytes) - result = markdown(textbytes, textlen, 0).decode('utf-8') + # 1 << 17 == CMARK_OPT_UNSAFE + result = markdown(textbytes, textlen, 1 << 17).decode('utf-8') return [0, result, ''] def to_commonmark(lib, text): @@ -37,6 +38,7 @@ class CMark: def __init__(self, prog=None, library_dir=None): self.prog = prog if prog: + prog += ' --unsafe' self.to_html = lambda x: pipe_through_prog(prog, x) self.to_commonmark = lambda x: pipe_through_prog(prog + ' -t commonmark', x) else: |