From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Mon, 13 Jul 2015 09:21:35 -0700 Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag. * Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links. * Added `--safe` option in command-line program. * Updated `cmark.3` man page. * Added `scan_dangerous_url` to scanners. * In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types). * Added `api_test` for `OPT_CMARK_SAFE`. * Rewrote `README.md` on security. --- man/man1/cmark.1 | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'man/man1/cmark.1') diff --git a/man/man1/cmark.1 b/man/man1/cmark.1 index 64fa697..8dd9165 100644 --- a/man/man1/cmark.1 +++ b/man/man1/cmark.1 @@ -45,6 +45,14 @@ be rendered as curly quotes, depending on their position. \f[C]\-\-\-\f[] will be rendered as an em-dash. \f[C]...\f[] will be rendered as ellipses. .TP 12n +.B \-\-safe +Do not render raw HTML or potentially dangerous URLs. +(Raw HTML is replaced by a placeholder comment; potentially +dangerous URLs are replaced by empty strings.) Dangerous +URLs are those that begin with `javascript:`, `vbscript:`, +`file:`, or `data:` (except for `image/png`, `image/gif`, +`image/jpeg`, or `image/webp` mime types). +.TP 12n .B \-\-help Print usage information. .TP 12n -- cgit v1.2.3