diff options
Diffstat (limited to 'format.c')
| -rw-r--r-- | format.c | 30 |
1 files changed, 24 insertions, 6 deletions
| @@ -56,7 +56,8 @@ static xs_str *format_line(const char *line, xs_list **attach) | |||
| 56 | /* markup */ | 56 | /* markup */ |
| 57 | if (xs_startswith(v, "`")) { | 57 | if (xs_startswith(v, "`")) { |
| 58 | xs *s1 = xs_crop_i(xs_dup(v), 1, -1); | 58 | xs *s1 = xs_crop_i(xs_dup(v), 1, -1); |
| 59 | xs *s2 = xs_fmt("<code>%s</code>", s1); | 59 | xs *e1 = encode_html(s1); |
| 60 | xs *s2 = xs_fmt("<code>%s</code>", e1); | ||
| 60 | s = xs_str_cat(s, s2); | 61 | s = xs_str_cat(s, s2); |
| 61 | } | 62 | } |
| 62 | else | 63 | else |
| @@ -134,11 +135,28 @@ xs_str *not_really_markdown(const char *content, xs_list **attach) | |||
| 134 | continue; | 135 | continue; |
| 135 | } | 136 | } |
| 136 | 137 | ||
| 137 | if (in_pre) | 138 | if (in_pre) { |
| 138 | ss = xs_dup(v); | 139 | // Encode all HTML characters when we're in pre element until we are out. |
| 140 | ss = encode_html(xs_dup(v)); | ||
| 141 | |||
| 142 | s = xs_str_cat(s, ss); | ||
| 143 | s = xs_str_cat(s, "<br>"); | ||
| 144 | continue; | ||
| 145 | } | ||
| 146 | |||
| 139 | else | 147 | else |
| 140 | ss = xs_strip_i(format_line(v, attach)); | 148 | ss = xs_strip_i(format_line(v, attach)); |
| 141 | 149 | ||
| 150 | if (xs_startswith(ss, "---")) { | ||
| 151 | /* delete the --- */ | ||
| 152 | ss = xs_strip_i(xs_crop_i(ss, 3, 0)); | ||
| 153 | s = xs_str_cat(s, "<hr>"); | ||
| 154 | |||
| 155 | s = xs_str_cat(s, ss); | ||
| 156 | |||
| 157 | continue; | ||
| 158 | } | ||
| 159 | |||
| 142 | if (xs_startswith(ss, ">")) { | 160 | if (xs_startswith(ss, ">")) { |
| 143 | /* delete the > and subsequent spaces */ | 161 | /* delete the > and subsequent spaces */ |
| 144 | ss = xs_strip_i(xs_crop_i(ss, 1, 0)); | 162 | ss = xs_strip_i(xs_crop_i(ss, 1, 0)); |
| @@ -186,8 +204,8 @@ xs_str *not_really_markdown(const char *content, xs_list **attach) | |||
| 186 | 204 | ||
| 187 | 205 | ||
| 188 | const char *valid_tags[] = { | 206 | const char *valid_tags[] = { |
| 189 | "a", "p", "br", "br/", "blockquote", "ul", "ol", "li", "cite", | 207 | "a", "p", "br", "br/", "blockquote", "ul", "ol", "li", "cite", "small", |
| 190 | "span", "i", "b", "u", "pre", "code", "em", "strong", NULL | 208 | "span", "i", "b", "u", "pre", "code", "em", "strong", "hr", "img", "del", NULL |
| 191 | }; | 209 | }; |
| 192 | 210 | ||
| 193 | xs_str *sanitize(const char *content) | 211 | xs_str *sanitize(const char *content) |
| @@ -219,7 +237,7 @@ xs_str *sanitize(const char *content) | |||
| 219 | 237 | ||
| 220 | if (valid_tags[i]) { | 238 | if (valid_tags[i]) { |
| 221 | /* accepted tag: rebuild it with only the accepted elements */ | 239 | /* accepted tag: rebuild it with only the accepted elements */ |
| 222 | xs *el = xs_regex_match(v, "(href|rel|class|target)=\"[^\"]*\""); | 240 | xs *el = xs_regex_match(v, "(src|href|rel|class|target)=\"[^\"]*\""); |
| 223 | xs *s3 = xs_join(el, " "); | 241 | xs *s3 = xs_join(el, " "); |
| 224 | 242 | ||
| 225 | s2 = xs_fmt("<%s%s%s%s>", | 243 | s2 = xs_fmt("<%s%s%s%s>", |