securemark 0.230.1 → 0.231.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "securemark",
-  "version": "0.230.1",
+  "version": "0.231.2",
   "description": "Secure markdown renderer working on browsers for user input data.",
   "private": false,
   "homepage": "https://github.com/falsandtru/securemark",
@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "@types/dompurify": "2.3.3",
-    "@types/jquery": "3.5.13",
+    "@types/jquery": "3.5.14",
     "@types/mathjax": "0.0.37",
     "@types/mocha": "9.1.0",
     "@types/power-assert": "1.5.8",
@@ -40,15 +40,17 @@
     "browserify-shim": "^3.8.14",
     "concurrently": "^7.0.0",
     "del": "^6.0.0",
+    "eslint-plugin-redos": "^4.3.0",
     "gulp": "^4.0.2",
     "gulp-derequire": "^3.0.0",
+    "gulp-eslint": "^6.0.0",
     "gulp-footer": "^2.1.0",
     "gulp-header": "^2.0.9",
     "gulp-load-plugins": "^2.0.7",
     "gulp-mocha": "^8.0.0",
     "gulp-rename": "^2.0.0",
     "gulp-unassert": "^2.0.0",
-    "karma": "^6.3.16",
+    "karma": "^6.3.17",
     "karma-chrome-launcher": "^3.1.0",
     "karma-coverage-istanbul-instrumenter": "^1.0.4",
     "karma-coverage-istanbul-reporter": "^3.0.3",
@@ -56,13 +58,13 @@
     "karma-firefox-launcher": "^2.1.2",
     "karma-mocha": "^2.0.1",
     "mocha": "^9.2.1",
-    "npm-check-updates": "^12.4.0",
+    "npm-check-updates": "^12.5.2",
     "power-assert": "^1.6.1",
     "semver": "^7.3.5",
-    "spica": "0.0.510",
+    "spica": "0.0.511",
     "tsify": "^5.0.4",
-    "typed-dom": "0.0.248",
-    "typescript": "4.5.5",
+    "typed-dom": "0.0.249",
+    "typescript": "4.6.2",
     "vinyl-buffer": "^1.0.1",
     "vinyl-source-stream": "^2.0.0"
   },

package/src/debug.test.ts

@@ -21,6 +21,7 @@ export function inspect(result: Result<HTMLElement | string>, until: number | st
       el.innerHTML = node.outerHTML.slice(0, until);
       if (node.outerHTML.length <= until) {
         assert(node.outerHTML === el.innerHTML);
+        // eslint-disable-next-line redos/no-vulnerable
         assert(node.childNodes.length === el.firstChild?.childNodes.length || />[^<]{65537}/.test(node.outerHTML));
       }
       else {

package/src/parser/api/header.ts

@@ -8,7 +8,7 @@ export function header(source: string): string {
 
 export function headers(source: string): string[] {
   const [el] = parse(source);
-  return el?.textContent!.trimEnd().slice(el.firstChild!.textContent!.length).split(/[^\S\n]*\n/) ?? [];
+  return el?.textContent!.trimEnd().slice(el.firstChild!.textContent!.length).split('\n') ?? [];
 }
 
 function parse(source: string): [HTMLDetailsElement, string] | [] {

package/src/parser/inline/autolink/account.ts

@@ -11,7 +11,7 @@ export const account: AutolinkParser.AccountParser = lazy(() => fmap(rewrite(
     '@',
     tails([
       verify(
-        str(/^[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*\//),
+        str(/^[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?)*\//),
         ([source]) => source.length <= 253 + 1),
       verify(
         str(/^[A-Za-z][0-9A-Za-z]*(?:-[0-9A-Za-z]+)*/),

package/src/parser/inline/autolink/email.test.ts

@@ -23,6 +23,7 @@ describe('Unit: parser/inline/autolink/email', () => {
       assert.deepStrictEqual(inspect(parser('a+@b')), undefined);
       assert.deepStrictEqual(inspect(parser('a..b@c')), undefined);
       assert.deepStrictEqual(inspect(parser('a++b@c')), undefined);
+      assert.deepStrictEqual(inspect(parser(`a@${'b'.repeat(64)}`)), [[`a@${'b'.repeat(64)}`], '']);
       assert.deepStrictEqual(inspect(parser(' a@b')), undefined);
     });
 
@@ -36,7 +37,7 @@ describe('Unit: parser/inline/autolink/email', () => {
       assert.deepStrictEqual(inspect(parser('a@b_c')), [['<a class="email" href="mailto:a@b">a@b</a>'], '_c']);
       assert.deepStrictEqual(inspect(parser('a@b-')), [['<a class="email" href="mailto:a@b">a@b</a>'], '-']);
       assert.deepStrictEqual(inspect(parser('a@b-c')), [['<a class="email" href="mailto:a@b-c">a@b-c</a>'], '']);
-      assert.deepStrictEqual(inspect(parser('a@b--c')), [['<a class="email" href="mailto:a@b--c">a@b--c</a>'], '']);
+      assert.deepStrictEqual(inspect(parser('a@b--c')), [['<a class="email" href="mailto:a@b">a@b</a>'], '--c']);
       assert.deepStrictEqual(inspect(parser('a@b.')), [['<a class="email" href="mailto:a@b">a@b</a>'], '.']);
       assert.deepStrictEqual(inspect(parser('a@b.c')), [['<a class="email" href="mailto:a@b.c">a@b.c</a>'], '']);
       assert.deepStrictEqual(inspect(parser('a@b..c')), [['<a class="email" href="mailto:a@b">a@b</a>'], '..c']);

package/src/parser/inline/autolink/email.ts

@@ -6,6 +6,6 @@ import { html } from 'typed-dom';
 // https://html.spec.whatwg.org/multipage/input.html
 
 export const email: AutolinkParser.EmailParser = creator(rewrite(verify(
-  str(/^[0-9A-Za-z]+(?:[.+_-][0-9A-Za-z]+)*@[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*/),
+  str(/^[0-9A-Za-z]+(?:[.+_-][0-9A-Za-z]+)*@[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?)*(?![0-9A-Za-z])/),
   ([source]) => source.indexOf('@') <= 64 && source.length <= 255),
   source => [[html('a', { class: 'email', href: `mailto:${source}` }, source)], '']));

package/src/parser/inline/autolink/hashnum.test.ts

@@ -35,6 +35,7 @@ describe('Unit: parser/inline/autolink/hashnum', () => {
       assert.deepStrictEqual(inspect(parser('あ#1')), [['あ#1'], '']);
       assert.deepStrictEqual(inspect(parser(' #1')), undefined);
       assert.deepStrictEqual(inspect(parser('#12345678901234567')), [['#12345678901234567'], '']);
+      assert.deepStrictEqual(inspect(parser(`#${'1'.repeat(128)}a`)), [[`#${'1'.repeat(128)}a`], '']);
     });
 
     it('valid', () => {

package/src/parser/inline/autolink/hashnum.ts

@@ -1,11 +1,12 @@
 import { AutolinkParser } from '../../inline';
 import { union, rewrite, context, open, convert, fmap, lazy } from '../../../combinator';
 import { link } from '../link';
+import { emoji } from './hashtag';
 import { str } from '../../source';
 import { define } from 'typed-dom';
 
 export const hashnum: AutolinkParser.HashnumParser = lazy(() => fmap(rewrite(
-  open('#', str(/^[0-9]{1,16}(?![0-9A-Za-z'_]|[^\x00-\x7F\s])/)),
+  open('#', str(new RegExp(String.raw`^[0-9]{1,16}(?![^\p{C}\p{S}\p{P}\s]|${emoji}|['_])`, 'u'))),
   context({ syntax: { inline: {
     link: true,
     autolink: false,

package/src/parser/inline/autolink/hashtag.test.ts

@@ -23,9 +23,6 @@ describe('Unit: parser/inline/autolink/hashtag', () => {
       assert.deepStrictEqual(inspect(parser(`#'`)), [[`#'`], '']);
       assert.deepStrictEqual(inspect(parser(`#a''`)), [[`#a''`], '']);
       assert.deepStrictEqual(inspect(parser('#_')), [['#_'], '']);
-      assert.deepStrictEqual(inspect(parser('#a_')), [['#a_'], '']);
-      assert.deepStrictEqual(inspect(parser('#a__b')), [['#a__b'], '']);
-      assert.deepStrictEqual(inspect(parser(`#a_'b`)), [[`#a_'b`], '']);
       assert.deepStrictEqual(inspect(parser('#(a)')), [['#'], '(a)']);
       assert.deepStrictEqual(inspect(parser('#{}')), [['#'], '{}']);
       assert.deepStrictEqual(inspect(parser('#{{}')), [['#'], '{{}']);
@@ -38,6 +35,9 @@ describe('Unit: parser/inline/autolink/hashtag', () => {
       assert.deepStrictEqual(inspect(parser('a##1')), [['a##1'], '']);
       assert.deepStrictEqual(inspect(parser('a##b')), [['a##b'], '']);
       assert.deepStrictEqual(inspect(parser('あ#b')), [['あ#b'], '']);
+      assert.deepStrictEqual(inspect(parser(`#${'1'.repeat(127)}_`)), [[`#${'1'.repeat(127)}_`], '']);
+      assert.deepStrictEqual(inspect(parser(`#${'1'.repeat(127)}_a`)), [[`#${'1'.repeat(127)}_a`], '']);
+      assert.deepStrictEqual(inspect(parser(`#${'1'.repeat(127)}_'a`)), [[`#${'1'.repeat(127)}_'a`], '']);
       assert.deepStrictEqual(inspect(parser(' #a')), undefined);
     });
 
@@ -50,21 +50,22 @@ describe('Unit: parser/inline/autolink/hashtag', () => {
       assert.deepStrictEqual(inspect(parser('#a\\\n')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '\\\n']);
       assert.deepStrictEqual(inspect(parser('#a)')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], ')']);
       assert.deepStrictEqual(inspect(parser('#a(b')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '(b']);
-      assert.deepStrictEqual(inspect(parser('#a(b)')), [['<a href="/hashtags/a(b)" class="hashtag">#a(b)</a>'], '']);
-      assert.deepStrictEqual(inspect(parser('#a((b))')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '((b))']);
-      assert.deepStrictEqual(inspect(parser(`#a'`)), [[`<a href="/hashtags/a'" class="hashtag">#a'</a>`], '']);
-      assert.deepStrictEqual(inspect(parser(`#a(b')`)), [[`<a href="/hashtags/a(b')" class="hashtag">#a(b')</a>`], '']);
-      assert.deepStrictEqual(inspect(parser(`#a(b'')`)), [[`<a href="/hashtags/a" class="hashtag">#a</a>`], `(b'')`]);
-      assert.deepStrictEqual(inspect(parser(`#a('b)`)), [['<a href="/hashtags/a" class="hashtag">#a</a>'], `('b)`]);
+      assert.deepStrictEqual(inspect(parser('#a(b)')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '(b)']);
+      assert.deepStrictEqual(inspect(parser('#a_')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '_']);
       assert.deepStrictEqual(inspect(parser('#a_b')), [['<a href="/hashtags/a_b" class="hashtag">#a_b</a>'], '']);
-      assert.deepStrictEqual(inspect(parser(`#a'_b`)), [[`<a href="/hashtags/a'_b" class="hashtag">#a'_b</a>`], '']);
-      assert.deepStrictEqual(inspect(parser('#a(b_c)')), [['<a href="/hashtags/a(b_c)" class="hashtag">#a(b_c)</a>'], '']);
-      assert.deepStrictEqual(inspect(parser('#a(b__c)')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '(b__c)']);
+      assert.deepStrictEqual(inspect(parser(`#a_'b`)), [['<a href="/hashtags/a" class="hashtag">#a</a>'], `_'b`]);
+      assert.deepStrictEqual(inspect(parser('#a__b')), [['<a href="/hashtags/a" class="hashtag">#a</a>'], '__b']);
       assert.deepStrictEqual(inspect(parser('#あ')), [['<a href="/hashtags/あ" class="hashtag">#あ</a>'], '']);
+      assert.deepStrictEqual(inspect(parser('#👩')), [['<a href="/hashtags/👩" class="hashtag">#👩</a>'], '']);
       assert.deepStrictEqual(inspect(parser('#1a')), [['<a href="/hashtags/1a" class="hashtag">#1a</a>'], '']);
       assert.deepStrictEqual(inspect(parser('#1あ')), [['<a href="/hashtags/1あ" class="hashtag">#1あ</a>'], '']);
+      assert.deepStrictEqual(inspect(parser('#1👩')), [['<a href="/hashtags/1👩" class="hashtag">#1👩</a>'], '']);
       assert.deepStrictEqual(inspect(parser('#domain/a')), [['<a href="https://domain/hashtags/a" target="_blank" class="hashtag">#domain/a</a>'], '']);
       assert.deepStrictEqual(inspect(parser('#domain.co.jp/a')), [['<a href="https://domain.co.jp/hashtags/a" target="_blank" class="hashtag">#domain.co.jp/a</a>'], '']);
+      // Reserved
+      assert.deepStrictEqual(inspect(parser(`#a'`)), [[`#a'`], '']);
+      assert.deepStrictEqual(inspect(parser(`#a'b`)), [[`#a'b`], '']);
+      assert.deepStrictEqual(inspect(parser(`#a'_b`)), [[`#a'_b`], '']);
     });
 
   });

package/src/parser/inline/autolink/hashtag.ts

@@ -6,15 +6,22 @@ import { define } from 'typed-dom';
 
 // https://example/hashtags/a must be a hashtag page or a redirect page going there.
 
+// https://github.com/tc39/proposal-regexp-unicode-property-escapes#matching-emoji
+export const emoji = String.raw`\p{Emoji_Modifier_Base}\p{Emoji_Modifier}?|\p{Emoji_Presentation}|\p{Emoji}\uFE0F`;
+
 export const hashtag: AutolinkParser.HashtagParser = lazy(() => fmap(rewrite(
   open(
     '#',
     tails([
       verify(
-        str(/^[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*\//),
+        str(/^[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-(?=\w)){0,61}[0-9A-Za-z])?)*\//),
         ([source]) => source.length <= 253 + 1),
       verify(
-        str(/^(?=(?:[0-9]{1,127}_?)?(?:[A-Za-z]|[^\x00-\x7F\s]))(?:[0-9A-Za-z]|[^\x00-\x7F\s]|'(?!')|_(?=[0-9A-Za-z]|[^\x00-\x7F\s])){1,128}(?:_?\((?=(?:[0-9]{1,127}_?)?(?:[A-Za-z]|[^\x00-\x7F\s]))(?:[0-9A-Za-z]|[^\x00-\x7F\s]|'(?!')|_(?=[0-9A-Za-z]|[^\x00-\x7F\s])){1,125}\))?(?![0-9A-Za-z'_]|[^\x00-\x7F\s])/),
+        str(new RegExp(['^',
+          String.raw`(?=[0-9]{0,127}_?(?:[^\d\p{C}\p{S}\p{P}\s]|${emoji}))`,
+          String.raw`(?:[^\p{C}\p{S}\p{P}\s]|${emoji}|_(?=[^\p{C}\p{S}\p{P}\s]|${emoji})){1,128}`,
+          String.raw`(?!_?(?:[^\p{C}\p{S}\p{P}\s]|${emoji})|')`,
+        ].join(''), 'u')),
         ([source]) => source.length <= 128),
     ])),
   context({ syntax: { inline: {

package/src/parser/inline/autolink.ts

@@ -4,7 +4,7 @@ import { url } from './autolink/url';
 import { email } from './autolink/email';
 import { channel } from './autolink/channel';
 import { account } from './autolink/account';
-import { hashtag } from './autolink/hashtag';
+import { hashtag, emoji } from './autolink/hashtag';
 import { hashnum } from './autolink/hashnum';
 import { anchor } from './autolink/anchor';
 import { str } from '../source';
@@ -23,11 +23,11 @@ export const autolink: AutolinkParser = fmap(
     // Escape unmatched account-like strings.
     str(/^@+[0-9A-Za-z]*(?:-[0-9A-Za-z]+)*/),
     // Escape invalid leading characters.
-    str(/^(?:[0-9A-Za-z]|[^\x00-\x7F\s])(?=#)/u),
+    str(new RegExp(String.raw`^(?:[^\p{C}\p{S}\p{P}\s]|${emoji}|['_])(?=#)`, 'u')),
     hashtag,
     hashnum,
     // Escape unmatched hashtag-like strings.
-    str(/^#+(?:[0-9A-Za-z'_]|[^\x00-\x7F\s])*/),
+    str(new RegExp(String.raw`^#+(?:[^\p{C}\p{S}\p{P}\s]|${emoji}|['_])*`, 'u')),
     anchor,
   ])))),
   ns => ns.length === 1 ? ns : [stringify(ns)]);

package/src/parser/inline/bracket.ts

@@ -6,11 +6,8 @@ import { str } from '../source';
 import { html, defrag } from 'typed-dom';
 import { unshift, push } from 'spica/array';
 
-const index = new RegExp(`^(?:${[
-  /(?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))+/,
-  /[0-9]{1,4}|[A-Za-z]/,
-].map(r => r.source).join('|')})`);
-const indexFW = new RegExp(index.source.replace(/[019AZaz](?!,)/g, c => String.fromCharCode(c.charCodeAt(0) + 0xfee0)));
+const index = /^(?:[0-9]+(?:\.[0-9]+)*|[A-Za-z])/;
+const indexFW = new RegExp(index.source.replace(/[019AZaz](?!,)/g, c => String.fromCharCode(c.charCodeAt(0) + 0xFEE0)));
 
 export const bracket: BracketParser = lazy(() => union([
   surround(str('('), str(index), str(')'), false,

package/src/parser/inline/comment.test.ts

@@ -17,8 +17,10 @@ describe('Unit: parser/inline/comment', () => {
       assert.deepStrictEqual(inspect(parser('[# #] #]')), undefined);
       assert.deepStrictEqual(inspect(parser('[#  #]  #]')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [#')), undefined);
+      assert.deepStrictEqual(inspect(parser('[#[#')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [# ')), undefined);
       assert.deepStrictEqual(inspect(parser('[# [# a')), undefined);
+      assert.deepStrictEqual(inspect(parser('[# a[#')), [['<sup class="comment invalid">[# a</sup>'], '[#']);
       assert.deepStrictEqual(inspect(parser('[# a [#')), [['<sup class="comment invalid">[# a </sup>'], '[#']);
       assert.deepStrictEqual(inspect(parser('[# a [# ')), [['<sup class="comment invalid">[# a </sup>'], '[# ']);
       assert.deepStrictEqual(inspect(parser('[# a [#\n')), [['<sup class="comment invalid">[# a </sup>'], '[#\n']);

package/src/parser/inline/comment.ts

@@ -6,9 +6,9 @@ import { unescsource } from '../source';
 import { html } from 'typed-dom';
 
 export const comment: CommentParser = creator(validate('[#', match(
-  /^\[(#+)\s+(?!\s|\1\]|\[\1\s)((?:\S+\s+)+?)(\1\]|(?=\[\1(?:$|\s)))/,
+  /^\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s)))/,
   ([whole, , body, closer]) => (rest, context) => {
-    [whole, body] = `${whole}\0${body.trimEnd()}`.replace(/\x1B/g, '').split('\0', 2);
+    [whole, body] = `${whole}\0${body.trimStart()}`.replace(/\x1B/g, '').split('\0', 2);
     if (!closer) return [[html('sup', {
       class: 'comment invalid',
       'data-invalid-syntax': 'comment',

package/src/parser/inline/html.ts

@@ -88,7 +88,7 @@ export const html: HTMLParser = lazy(() => creator(validate('<', validate(/^<[a-
 ])))));
 
 export const attribute: HTMLParser.TagParser.AttributeParser = union([
-  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|>)/),
+  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|>)/),
 ]);
 
 function elem(tag: string, as: (HTMLElement | string)[], bs: (HTMLElement | string)[], cs: (HTMLElement | string)[], context: MarkdownParser.Context): HTMLElement {

package/src/parser/inline/link.ts

@@ -52,7 +52,7 @@ export const link: LinkParser = lazy(() => creator(10, bind(reverse(
     const INSECURE_URI = params.shift()!;
     assert(INSECURE_URI === INSECURE_URI.trim());
     assert(!INSECURE_URI.match(/\s/));
-    const el = create(
+    const el = elem(
       INSECURE_URI,
       trimNode(defrag(content)),
       new ReadonlyURL(
@@ -71,7 +71,7 @@ export const uri: LinkParser.ParameterParser.UriParser = union([
 
 export const option: LinkParser.ParameterParser.OptionParser = union([
   fmap(str(/^[^\S\n]+nofollow(?=[^\S\n]|})/), () => [` rel="nofollow"`]),
-  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\n"])*")?(?=[^\S\n]|})/),
+  str(/^[^\S\n]+[a-z]+(?:-[a-z]+)*(?:="(?:\\[^\n]|[^\\\n"])*")?(?=[^\S\n]|})/),
   fmap(str(/^[^\S\n]+(?=})/), () => []),
   fmap(str(/^[^\S\n]+[^\n{}]+/), opt => [` \\${opt.slice(1)}`]),
 ]);
@@ -83,7 +83,7 @@ export function resolve(uri: string, host: URL | Location, source: URL | Locatio
     case uri.slice(0, 2) === '^/':
       const last = host.pathname.slice(host.pathname.lastIndexOf('/') + 1);
       return last.includes('.') // isFile
-          && /^[0-9]*[a-z][0-9a-z]*$/i.test(last.slice(last.lastIndexOf('.') + 1))
+          && /^[0-9]*[A-Za-z][0-9A-Za-z]*$/.test(last.slice(last.lastIndexOf('.') + 1))
         ? `${host.pathname.slice(0, -last.length)}${uri.slice(2)}`
         : `${host.pathname.replace(/\/?$/, '/')}${uri.slice(2)}`;
     case host.origin === source.origin
@@ -98,7 +98,7 @@ export function resolve(uri: string, host: URL | Location, source: URL | Locatio
   }
 }
 
-function create(
+function elem(
   INSECURE_URI: string,
   content: readonly (string | HTMLElement)[],
   uri: ReadonlyURL,

package/src/parser/inline/ruby.ts

@@ -11,8 +11,8 @@ import { unshift, push, join } from 'spica/array';
 export const ruby: RubyParser = lazy(() => creator(bind(verify(
   validate('[', ')', '\n',
   sequence([
-    surround('[', focus(/^(?:\\[^\n]|[^\[\]\n])+(?=]\()/, text), ']'),
-    surround('(', focus(/^(?:\\[^\n]|[^\(\)\n])+(?=\))/, text), ')'),
+    surround('[', focus(/^(?:\\[^\n]|[^\\\[\]\n])+(?=]\()/, text), ']'),
+    surround('(', focus(/^(?:\\[^\n]|[^\\\(\)\n])+(?=\))/, text), ')'),
   ])),
   ([texts]) => isStartTightNodes(texts)),
   ([texts, rubies], rest) => {

package/src/parser/inline.test.ts

@@ -173,6 +173,7 @@ describe('Unit: parser/inline', () => {
       assert.deepStrictEqual(inspect(parser('あい#b')), [['あ', 'い#b'], '']);
       assert.deepStrictEqual(inspect(parser('0aあ#b')), [['0a', 'あ#b'], '']);
       assert.deepStrictEqual(inspect(parser('0aあい#b')), [['0a', 'あ', 'い#b'], '']);
+      assert.deepStrictEqual(inspect(parser('「#あ」')), [['「', '<a href="/hashtags/あ" class="hashtag">#あ</a>', '」'], '']);
       assert.deepStrictEqual(inspect(parser('a\n#b')), [['a', '<br>', '<a href="/hashtags/b" class="hashtag">#b</a>'], '']);
       assert.deepStrictEqual(inspect(parser('a\\\n#b')), [['a', '<span class="linebreak"> </span>', '<a href="/hashtags/b" class="hashtag">#b</a>'], '']);
       assert.deepStrictEqual(inspect(parser('*a*#b')), [['<em>a</em>', '<a href="/hashtags/b" class="hashtag">#b</a>'], '']);
@@ -186,6 +187,7 @@ describe('Unit: parser/inline', () => {
     it('hashnum', () => {
       assert.deepStrictEqual(inspect(parser('#1')), [['<a class="hashnum">#1</a>'], '']);
       assert.deepStrictEqual(inspect(parser('#12345678901234567@a')), [['#12345678901234567@a'], '']);
+      assert.deepStrictEqual(inspect(parser('「#1」')), [['「', '<a class="hashnum">#1</a>', '」'], '']);
     });
 
   });

package/src/parser/util.ts

@@ -42,13 +42,13 @@ const invisibleHTMLEntityNames = [
   'InvisibleComma',
   'ic',
 ];
-const blankline = new RegExp(String.raw`^(?!$|\n)(?:\\?\s|&(?:${invisibleHTMLEntityNames.join('|')});|<wbr>|\[(#+)\s+(?!\s|\1\]|\[\1\s)(?:\S+\s+)+?(?:\1\]|(?=\[\1(?:$|\s))))*\\?(?:$|\n)`, 'gm');
+const blankline = new RegExp(String.raw`^(?!$)(?:\\$|\\?[^\S\n]|&(?:${invisibleHTMLEntityNames.join('|')});|<wbr>|\[(#+)(?!\S|\s+\1\]|\s*\[\1(?:$|\s))((?:\s+\S+)+?)(?:\s+(\1\])|\s*(?=\[\1(?:$|\s))))+(?=$|(\S))`, 'gm');
 
 export function visualize<P extends Parser<HTMLElement | string>>(parser: P): P;
 export function visualize<T extends HTMLElement | string>(parser: Parser<T>): Parser<T> {
   return union([
     convert(
-      source => source.replace(blankline, line => line.replace(/[\\&<\[]/g, '\x1B$&')),
+      source => source.replace(blankline, (line, ...$) => !$[3] ? line.replace(/[\\&<\[]/g, '\x1B$&') : line),
       verify(parser, (ns, rest, context) => !rest && hasVisible(ns, context))),
     some(union([linebreak, unescsource])),
   ]);

package/src/renderer/render/media/youtube.ts

@@ -15,12 +15,12 @@ export function youtube(source: HTMLImageElement, url: URL): HTMLElement | undef
 function resolve(url: URL): string | undefined {
   switch (url.origin) {
     case 'https://www.youtube.com':
-      return url.pathname === '/watch/'
-        ? url.href.replace(/.+?=/, '').replace('&', '?')
+      return url.pathname.match(/^\/watch\/?$/)
+        ? url.searchParams.get('v')?.concat(url.search.replace(/([?&])v=[^&#]*&?/g, '$1'), url.hash)
         : undefined;
     case 'https://youtu.be':
-      return url.pathname.match(/^\/[\w-]+$/)
-        ? url.href.slice(url.href.indexOf('/', 9) + 1)
+      return url.pathname.match(/^\/[\w-]+\/?$/)
+        ? url.href.slice(url.origin.length)
         : undefined;
     default:
       return;