From ac39623d667999cfae1444b46508a9a423b0df1b Mon Sep 17 00:00:00 2001
From: John MacFarlane <jgm@berkeley.edu>
Date: Mon, 13 Jul 2015 09:21:35 -0700
Subject: Added `CMARK_OPT_SAFE` option and `--safe` command-line flag.

* Added `CMARK_OPT_SAFE`.  This option disables rendering of raw HTML
  and potentially dangerous links.
* Added `--safe` option in command-line program.
* Updated `cmark.3` man page.
* Added `scan_dangerous_url` to scanners.
* In HTML, suppress rendering of raw HTML and potentially dangerous
  links if `CMARK_OPT_SAFE`.  Dangerous URLs are those that begin
  with `javascript:`, `vbscript:`, `file:`, or `data:` (except for
  `image/png`, `image/gif`, `image/jpeg`, or `image/webp` mime types).
* Added `api_test` for `CMARK_OPT_SAFE`.
* Rewrote `README.md` on security.
---
 src/main.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/main.c')

diff --git a/src/main.c b/src/main.c
index 26e42ca..7fae7e4 100644
--- a/src/main.c
+++ b/src/main.c
@@ -28,6 +28,7 @@ void print_usage()
 	printf("  --width WIDTH    Specify wrap width (default 0 = nowrap)\n");
 	printf("  --sourcepos      Include source position attribute\n");
 	printf("  --hardbreaks     Treat newlines as hard line breaks\n");
+	printf("  --safe           Suppress raw HTML and dangerous URLs\n");
 	printf("  --smart          Use smart punctuation\n");
 	printf("  --normalize      Consolidate adjacent text nodes\n");
 	printf("  --help, -h       Print usage information\n");
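Review bot: The new `--safe` usage line does not say that the option only affects HTML output, although the commit message limits it to that ("In HTML, suppress rendering of raw HTML and potentially dangerous links"). If the program offers other output formats, a user could assume the flag sanitizes those as well. Consider `printf("  --safe           In HTML output, suppress raw HTML and dangerous URLs\n");` and leave the list of blocked schemes and the `data:` image exceptions to the man page. The body of print_usage starts and ends outside the hunk.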
@@ -93,6 +94,8 @@ int main(int argc, char *argv[])
 			options |= CMARK_OPT_HARDBREAKS;
 		} else if (strcmp(argv[i], "--smart") == 0) {
 			options |= CMARK_OPT_SMART;
+		} else if (strcmp(argv[i], "--safe") == 0) {
+			options |= CMARK_OPT_SAFE;
 		} else if (strcmp(argv[i], "--normalize") == 0) {
 			options |= CMARK_OPT_NORMALIZE;
 		} else if (strcmp(argv[i], "--validate-utf8") == 0) {
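Review bot: The `--safe` branch makes the protection opt-in, so raw HTML and `javascript:`-style links still reach the output unless every caller that renders untrusted Markdown remembers to pass the flag. Nothing at this branch records that choice; a short comment such as `/* off by default: untrusted input must be rendered with --safe */` would make the default explicit to the next maintainer. A safe-by-default mode with an explicit opt-out flag is worth considering as a follow-up, since a forgotten flag would then fail closed. The initial value of `options` and the rest of main are outside the hunk, so the default is inferred from the commit message rather than from visible code.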