From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Mon, 13 Jul 2015 09:21:35 -0700
Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.

* Added `CMARK_OPT_SAFE`. This option disables rendering of raw HTML and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous links if `CMARK_OPT_SAFE`. Dangerous URLs are those that begin with `javascript:`, `vbscript:`, `file:`, or `data:` (except for `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `OPT_CMARK_SAFE`.
* Rewrote `README.md` on security.
---
 src/main.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'src/main.c')
diff --git a/src/main.c b/src/main.c
index 26e42ca..7fae7e4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -28,6 +28,7 @@ void print_usage()
 printf(" --width WIDTH Specify wrap width (default 0 = nowrap)\n");
 printf(" --sourcepos Include source position attribute\n");
 printf(" --hardbreaks Treat newlines as hard line breaks\n");
+ printf(" --safe Suppress raw HTML and dangerous URLs\n");
 printf(" --smart Use smart punctuation\n");
 printf(" --normalize Consolidate adjacent text nodes\n");
 printf(" --help, -h Print usage information\n");
@@ -93,6 +94,8 @@ int main(int argc, char *argv[])
 options |= CMARK_OPT_HARDBREAKS;
 } else if (strcmp(argv[i], "--smart") == 0) {
 options |= CMARK_OPT_SMART;
+ } else if (strcmp(argv[i], "--safe") == 0) {
+ options |= CMARK_OPT_SAFE;
 } else if (strcmp(argv[i], "--normalize") == 0) {
 options |= CMARK_OPT_NORMALIZE;
 } else if (strcmp(argv[i], "--validate-utf8") == 0) {
-- 
cgit v1.2.3
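Review bot: The new `--safe` branch in `main` makes the protection opt-in, so any invocation that omits the flag still renders raw HTML and, going by the commit description, `javascript:`/`data:` links as before. A fail-safe default would be stronger for a tool that is often fed untrusted Markdown, but within this change the usage line in `print_usage` should at least say when the flag is needed, e.g. `--safe  Suppress raw HTML and dangerous URLs (use for untrusted input)`. The commit description also says the URL check is a denylist of four schemes applied when rendering HTML, so I would add above the new branch `/* Opt-in; denylist of URL schemes, HTML renderer only - still sanitize output from untrusted input. */`. Both `print_usage` and `main` continue outside the hunks, so whether other output formats honour the option cannot be confirmed from here.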