redcarpet 1.17.2 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.markdown +294 -37
- data/Rakefile +13 -15
- data/bin/redcarpet +1 -1
- data/ext/redcarpet/autolink.c +18 -19
- data/ext/redcarpet/autolink.h +7 -4
- data/ext/redcarpet/buffer.c +135 -229
- data/ext/redcarpet/buffer.h +47 -113
- data/ext/redcarpet/houdini.h +29 -0
- data/ext/redcarpet/houdini_href_e.c +108 -0
- data/ext/redcarpet/houdini_html_e.c +84 -0
- data/ext/redcarpet/html.c +181 -237
- data/ext/redcarpet/html.h +28 -14
- data/ext/redcarpet/html_blocks.h +206 -0
- data/ext/redcarpet/html_smartypants.c +99 -49
- data/ext/redcarpet/markdown.c +712 -493
- data/ext/redcarpet/markdown.h +48 -41
- data/ext/redcarpet/rc_markdown.c +137 -0
- data/ext/redcarpet/rc_render.c +434 -0
- data/ext/redcarpet/redcarpet.h +33 -0
- data/ext/redcarpet/stack.c +81 -0
- data/ext/redcarpet/stack.h +21 -0
- data/lib/redcarpet/render_man.rb +65 -0
- data/lib/redcarpet.rb +62 -101
- data/redcarpet.gemspec +18 -13
- data/test/redcarpet_test.rb +209 -122
- metadata +33 -20
- data/ext/redcarpet/array.c +0 -300
- data/ext/redcarpet/array.h +0 -147
- data/ext/redcarpet/redcarpet.c +0 -161
- data/lib/markdown.rb +0 -1
- data/test/benchmark.rb +0 -56
- data/test/benchmark.txt +0 -306
- data/test/markdown_test.rb +0 -186
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
#include <assert.h>
|
|
2
|
+
#include <stdio.h>
|
|
3
|
+
#include <string.h>
|
|
4
|
+
|
|
5
|
+
#include "houdini.h"
|
|
6
|
+
|
|
7
|
+
#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10)
|
|
8
|
+
|
|
9
|
+
/*
|
|
10
|
+
* The following characters will not be escaped:
|
|
11
|
+
*
|
|
12
|
+
* -_.+!*'(),%#@?=;:/,+&$ alphanum
|
|
13
|
+
*
|
|
14
|
+
* Note that this character set is the addition of:
|
|
15
|
+
*
|
|
16
|
+
* - The characters which are safe to be in an URL
|
|
17
|
+
* - The characters which are *not* safe to be in
|
|
18
|
+
* an URL because they are RESERVED characters.
|
|
19
|
+
*
|
|
20
|
+
* We asume (lazily) that any RESERVED char that
|
|
21
|
+
* appears inside an URL is actually meant to
|
|
22
|
+
* have its native function (i.e. as an URL
|
|
23
|
+
* component/separator) and hence needs no escaping.
|
|
24
|
+
*
|
|
25
|
+
* There are two exceptions: the chacters & (amp)
|
|
26
|
+
* and ' (single quote) do not appear in the table.
|
|
27
|
+
* They are meant to appear in the URL as components,
|
|
28
|
+
* yet they require special HTML-entity escaping
|
|
29
|
+
* to generate valid HTML markup.
|
|
30
|
+
*
|
|
31
|
+
* All other characters will be escaped to %XX.
|
|
32
|
+
*
|
|
33
|
+
*/
|
|
34
|
+
static const char HREF_SAFE[] = {
|
|
35
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
36
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
37
|
+
0, 1, 0, 1, 1, 1, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
38
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 0, 1,
|
|
39
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
40
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 1,
|
|
41
|
+
0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
|
|
42
|
+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0,
|
|
43
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
44
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
45
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
46
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
47
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
48
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
49
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
50
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
51
|
+
};
|
|
52
|
+
|
|
53
|
+
void
|
|
54
|
+
houdini_escape_href(struct buf *ob, const uint8_t *src, size_t size)
|
|
55
|
+
{
|
|
56
|
+
static const char hex_chars[] = "0123456789ABCDEF";
|
|
57
|
+
size_t i = 0, org;
|
|
58
|
+
char hex_str[3];
|
|
59
|
+
|
|
60
|
+
bufgrow(ob, ESCAPE_GROW_FACTOR(size));
|
|
61
|
+
hex_str[0] = '%';
|
|
62
|
+
|
|
63
|
+
while (i < size) {
|
|
64
|
+
org = i;
|
|
65
|
+
while (i < size && HREF_SAFE[src[i]] != 0)
|
|
66
|
+
i++;
|
|
67
|
+
|
|
68
|
+
if (i > org)
|
|
69
|
+
bufput(ob, src + org, i - org);
|
|
70
|
+
|
|
71
|
+
/* escaping */
|
|
72
|
+
if (i >= size)
|
|
73
|
+
break;
|
|
74
|
+
|
|
75
|
+
switch (src[i]) {
|
|
76
|
+
/* amp appears all the time in URLs, but needs
|
|
77
|
+
* HTML-entity escaping to be inside an href */
|
|
78
|
+
case '&':
|
|
79
|
+
BUFPUTSL(ob, "&");
|
|
80
|
+
break;
|
|
81
|
+
|
|
82
|
+
/* the single quote is a valid URL character
|
|
83
|
+
* according to the standard; it needs HTML
|
|
84
|
+
* entity escaping too */
|
|
85
|
+
case '\'':
|
|
86
|
+
BUFPUTSL(ob, "'");
|
|
87
|
+
break;
|
|
88
|
+
|
|
89
|
+
/* the space can be escaped to %20 or a plus
|
|
90
|
+
* sign. we're going with the generic escape
|
|
91
|
+
* for now. the plus thing is more commonly seen
|
|
92
|
+
* when building GET strings */
|
|
93
|
+
#if 0
|
|
94
|
+
case ' ':
|
|
95
|
+
bufputc(ob, '+');
|
|
96
|
+
break;
|
|
97
|
+
#endif
|
|
98
|
+
|
|
99
|
+
/* every other character goes with a %XX escaping */
|
|
100
|
+
default:
|
|
101
|
+
hex_str[1] = hex_chars[(src[i] >> 4) & 0xF];
|
|
102
|
+
hex_str[2] = hex_chars[src[i] & 0xF];
|
|
103
|
+
bufput(ob, hex_str, 3);
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
i++;
|
|
107
|
+
}
|
|
108
|
+
}
|
|
@@ -0,0 +1,84 @@
|
|
|
1
|
+
#include <assert.h>
|
|
2
|
+
#include <stdio.h>
|
|
3
|
+
#include <string.h>
|
|
4
|
+
|
|
5
|
+
#include "houdini.h"
|
|
6
|
+
|
|
7
|
+
#define ESCAPE_GROW_FACTOR(x) (((x) * 12) / 10) /* this is very scientific, yes */
|
|
8
|
+
|
|
9
|
+
/**
|
|
10
|
+
* According to the OWASP rules:
|
|
11
|
+
*
|
|
12
|
+
* & --> &
|
|
13
|
+
* < --> <
|
|
14
|
+
* > --> >
|
|
15
|
+
* " --> "
|
|
16
|
+
* ' --> ' ' is not recommended
|
|
17
|
+
* / --> / forward slash is included as it helps end an HTML entity
|
|
18
|
+
*
|
|
19
|
+
*/
|
|
20
|
+
static const char HTML_ESCAPE_TABLE[] = {
|
|
21
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
22
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
23
|
+
0, 0, 1, 0, 0, 0, 2, 3, 0, 0, 0, 0, 0, 0, 0, 4,
|
|
24
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, 6, 0,
|
|
25
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
26
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
27
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
28
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
29
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
30
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
31
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
32
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
33
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
34
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
35
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
36
|
+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
|
|
37
|
+
};
|
|
38
|
+
|
|
39
|
+
static const char *HTML_ESCAPES[] = {
|
|
40
|
+
"",
|
|
41
|
+
""",
|
|
42
|
+
"&",
|
|
43
|
+
"'",
|
|
44
|
+
"/",
|
|
45
|
+
"<",
|
|
46
|
+
">"
|
|
47
|
+
};
|
|
48
|
+
|
|
49
|
+
void
|
|
50
|
+
houdini_escape_html0(struct buf *ob, const uint8_t *src, size_t size, int secure)
|
|
51
|
+
{
|
|
52
|
+
size_t i = 0, org, esc = 0;
|
|
53
|
+
|
|
54
|
+
bufgrow(ob, ESCAPE_GROW_FACTOR(size));
|
|
55
|
+
|
|
56
|
+
while (i < size) {
|
|
57
|
+
org = i;
|
|
58
|
+
while (i < size && (esc = HTML_ESCAPE_TABLE[src[i]]) == 0)
|
|
59
|
+
i++;
|
|
60
|
+
|
|
61
|
+
if (i > org)
|
|
62
|
+
bufput(ob, src + org, i - org);
|
|
63
|
+
|
|
64
|
+
/* escaping */
|
|
65
|
+
if (i >= size)
|
|
66
|
+
break;
|
|
67
|
+
|
|
68
|
+
/* The forward slash is only escaped in secure mode */
|
|
69
|
+
if (src[i] == '/' && !secure) {
|
|
70
|
+
bufputc(ob, '/');
|
|
71
|
+
} else {
|
|
72
|
+
bufputs(ob, HTML_ESCAPES[esc]);
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
i++;
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
void
|
|
80
|
+
houdini_escape_html(struct buf *ob, const uint8_t *src, size_t size)
|
|
81
|
+
{
|
|
82
|
+
houdini_escape_html0(ob, src, size, 1);
|
|
83
|
+
}
|
|
84
|
+
|