Commit graph

18 commits

Author SHA1 Message Date
fiddlosopher
6b73389328 Added type signatures, etc., to eliminate -Wall warnings.
(except for two warnings about unneeded functions, which might
come in handy some day...)


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1291 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-06-17 22:15:39 +00:00
fiddlosopher
6a46ffc0ad Count anything that isn't a known block (HTML) tag as an inline tag
(rather than the other way around).  Added "html", "head", and
"body" to list of block tags.  Resolves Issue #66, allowing
<lj> to count as an inline tag.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1276 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-04-20 03:12:42 +00:00
fiddlosopher
8624ed9bd3 The '--sanitize-html' option now examines URIs in markdown links
and images, and in HTML href and src attributes.  If the URI scheme
is not on a whitelist of safe schemes, it is rejected.  The main point
is to prevent cross-site scripting attacks using 'javascript:' URIs.
See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html
and http://ha.ckers.org/xss.html.  Resolves Issue #62.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-03-22 20:41:56 +00:00
fiddlosopher
614547b38e Use generic attributes type, not a string, for CodeBlocks.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1209 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-02-09 03:19:43 +00:00
fiddlosopher
9f7a14c210 Modified readers for new parameter in CodeBlock.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1199 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-02-09 03:18:03 +00:00
fiddlosopher
d474852f56 Removed unnecessary imports.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1189 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-01-16 02:18:23 +00:00
fiddlosopher
8fca649d05 Changed copyright dates where appropriate to include 2008.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1181 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-01-08 17:26:16 +00:00
fiddlosopher
2df432dc60 Changed comment used to replace unsafe HTML if sanitize-html option
selected.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1178 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-01-08 04:53:01 +00:00
fiddlosopher
5df912b162 Added optional HTML sanitization using a whitelist.
When this option is specified (--sanitize-html on the command line),
unsafe HTML tags will be replaced by HTML comments, and unsafe HTML
attributes will be removed.  This option should be especially useful
for those who want to use pandoc libraries in web applications, where
users will provide the input.

+ Main.hs:  Added --sanitize-html option.
+ Text.Pandoc.Shared:  Added stateSanitizeHTML to ParserState.
+ Text.Pandoc.Readers.HTML:
  - Added whitelists of sanitaryTags and sanitaryAttributes.
  - Added parsers to check these lists (and state) to see if a given
    tag or attribute should be counted unsafe.
  - Modified anyHtmlTag and anyHtmlEndTag to replace unsafe tags
    with comments.
  - Modified htmlAttribute to remove unsafe attributes.
  - Modified htmlScript and htmlStyle to remove these elements if
    unsafe.
  - Modified rawHtmlBlock to use anyHtmlBlockTag instead of anyHtmlTag
    and anyHtmlEndTag.  This fixes a bug in markdown parsing, where
    inline tags would be included in raw HTML blocks.
  - Modified anyHtmlBlockTag to test for (not inline) rather than
    directly for block.  This allows us to handle e.g. docbook in
    the markdown reader.
  - Minor tweaks in nonTitleNonHead  and parseTitle.
+ Text.Pandoc.Readers.Markdown:
  - In non-strict mode use rawHtmlBlocks instead of htmlBlock.
    Simplified htmlBlock, since we know it's only called in strict
    mode.
+ Modified README and man pages to document new option.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1166 788f1e2b-df1e-0410-8736-df70ead52e1b
2008-01-03 21:32:32 +00:00
fiddlosopher
e37df6db69 Fixed bug in the markdown reader: HTML preceding a code block
could cause it to be parsed as a paragraph.  (The problem is that
the HTML parser used to eat all blank space after an HTML block,
including the indentation of the code block.)  Resolves Issue #39.
+ In Text.Pandoc.Readers.HTML, removed parsing of following space
  from rawHtmlBlock.
+ In Text.Pandoc.Readers.Markdown, modified rawHtmlBlocks so that
  indentation is eaten *only* on the first line after the HTML
  block.  This means that in
  <div>
       foo
  <div>
  the foo won't be treated as a code block, but in
  <div>

      foo

  </div>
  it will.  This seems the right approach for least suprise.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1164 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-31 01:02:44 +00:00
fiddlosopher
ad5cbb78d0 HTML reader: Finished fixing Issue #40.
Contents of script tags were still being treated as markdown when
the script tags were parsed as inline.  Fixed by moving "script"
from the list of tags that can be either block or inline to the
list of block tags.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1163 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-31 00:45:54 +00:00
fiddlosopher
d989a78b3b HTML reader: Don't interpret contents of style tags as markdown.
Resolves Issue #40.
+ Added htmlStyle, analagous to htmlScript.
+ Use htmlStyle in htmlBlockElement and rawHtmlInline.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1162 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-31 00:05:03 +00:00
fiddlosopher
6e1a652429 Fixed bug in HTML reader: it was looking for <IT> tag, not <I>.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1161 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-30 02:21:01 +00:00
fiddlosopher
dad8e16330 Changed failure message in anyHtmlBlockTag (minor change).
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1153 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-24 04:22:08 +00:00
fiddlosopher
6802d287cf Modified rawHtmlBlock in HTML reader so it parses </html> and </body> tags.
This allows these tags to be handled correctly in Markdown.
HTML reader now uses rawHtmlBlock', which excludes </html> and </body>,
since these are handled in parseHtml.  (Resolves Issue #38.)


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1152 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-12-23 03:46:12 +00:00
fiddlosopher
9a67a486c2 Moved everything from src into the top-level directory.
git-svn-id: https://pandoc.googlecode.com/svn/trunk@1104 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-11-29 02:02:34 +00:00
fiddlosopher
47a4a3ab89 Removed Text directory. This is a remnant of an experiment
moving the contents of src/ to the top level, and should have
been deleted long ago.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1097 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-11-28 21:01:17 +00:00
fiddlosopher
4a841bfc54 Use template haskell to avoid the need for templates:
+ Added library Text.Pandoc.Include, with a template haskell
  function $(includeStrFrom fname) to include a file as a string
  constant at compile time.
+ This removes the need for the 'templates' directory or Makefile
  target.  These have been removed.
+ The base source directory has been changed from src to .
+ A new 'data' directory has been added, containing the ASCIIMathML.js
  script, writer headers, and S5 files.
+ The src/wrappers directory has been moved to 'wrappers'.
+ The Text.Pandoc.ASCIIMathML library is no longer needed, since
  Text.Pandoc.Writers.HTML can use includeStrFrom to include the
  ASCIIMathML.js code directly.  It has been removed.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1063 788f1e2b-df1e-0410-8736-df70ead52e1b
2007-11-03 22:14:03 +00:00
Renamed from src/Text/Pandoc/Readers/HTML.hs (Browse further)