Default to safe operation #123

Merged
merged 2 commits into from
Oct 17, 2018

kivikakk

See https://lobste.rs/s/szw60m/safemd_markdown_renderer_focusing_on.

This will break a number of upstream consuming libraries.

/cc @Hultner

@kivikakk kivikakk merged commit f64691b into master Oct 17, 2018
@kivikakk kivikakk deleted the safe-unsafe branch October 17, 2018 03:43
@Hultner

Hultner commented Oct 17, 2018

This is great!
Thanks for making this change :)

@cmonr

cmonr commented Oct 17, 2018

@kivikakk Awesome to see this come in so quick, but a few questions:

  • Is there an eta on when GH will make the changes live?
  • Is there a way for projects currently using GH markup to run it against safemd?

@kivikakk
Author

  • Is there an eta on when GH will make the changes live?

This change won't be used on github.com -- as you might expect, we've had our own HTML sanitizer as part of our user content pipeline in operation for years, so we'll continue to use cmark-gfm in "unsafe" mode. This change is to make the default experience safer -- users who have more advanced or customised sanitisation needs will want to use their own post-processing sanitiser like we do.

  • Is there a way for projects currently using GH markup to run it against safemd?

Could you clarify what you mean? safemd itself isn't part of the GitHub stack, so it won't be available on github.com.

jgm added a commit to commonmark/cmark that referenced this pull request Mar 18, 2019
Removes CMARK_OPT_SAFE from options.

Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links.  The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.

--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------

Closes #239, #273.

Borrows heavily from @kivikakk's patch in github#123.
talum pushed a commit that referenced this pull request Sep 14, 2021
* default to safe

* fix setter test
talum pushed a commit that referenced this pull request Sep 14, 2021
Removes CMARK_OPT_SAFE from options.

Adds CMARK_OPT_UNSAFE, with the opposite meaning.
The new default behavior is to suppress raw HTML and
potentially dangerous links.  The CMARK_OPT_UNSAFE
option has to be set explicitly to prevent this.

--------------------------------------------------------
NOTE: This change will require modifications in
bindings for cmark and in most libraries and programs
that use cmark.
--------------------------------------------------------

Closes #239, #273.

Borrows heavily from @kivikakk's patch in #123.
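
The commit messages above say bindings and consuming programs need modification once CMARK_OPT_SAFE is replaced by CMARK_OPT_UNSAFE. The following is an added example, not code from this pull request or from cmark: a sketch of how a binding might translate a pre-change option mask. The names migrate_options, migrate_result and has_sanitizer are hypothetical, and the numeric flag values are assumed to match upstream cmark.h.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumption: values mirror upstream cmark.h; confirm against your header. */
#ifndef CMARK_OPT_SAFE
#define CMARK_OPT_SAFE (1 << 3)    /* legacy opt-in, removed by this change */
#endif
#ifndef CMARK_OPT_UNSAFE
#define CMARK_OPT_UNSAFE (1 << 17) /* new explicit opt-out */
#endif

/* Hypothetical result codes for auditing a call site during the upgrade. */
typedef enum {
    MIGRATE_UNCHANGED,      /* asked for safe output before, still gets it */
    MIGRATE_NOW_SUPPRESSED, /* used to pass raw HTML through, now suppressed */
    MIGRATE_OPTED_UNSAFE    /* caller sanitizes downstream, raw HTML kept */
} migrate_result;

/* Translate a pre-change option mask into a post-change one.
 * has_sanitizer: the caller asserts that rendered HTML is sanitized
 * afterwards, the arrangement described for github.com in the thread. */
migrate_result migrate_options(int legacy, bool has_sanitizer, int *out)
{
    /* Drop the retired bit, and any stray bit 17 the old API never defined. */
    int opts = legacy & ~(CMARK_OPT_SAFE | CMARK_OPT_UNSAFE);
    if (legacy & CMARK_OPT_SAFE) {
        *out = opts;
        return MIGRATE_UNCHANGED;
    }
    if (has_sanitizer) {
        *out = opts | CMARK_OPT_UNSAFE;
        return MIGRATE_OPTED_UNSAFE;
    }
    *out = opts; /* fail closed: rendering changes, worth logging per call site */
    return MIGRATE_NOW_SUPPRESSED;
}

int main(void)
{
    int out;
    /* Constructed sample: 0x2 stands in for an unrelated option bit. */
    migrate_result r = migrate_options(0x2, false, &out);
    printf("result=%d new_mask=0x%x\n", (int)r, (unsigned)out);
    return 0;
}
```

Call sites that come back as MIGRATE_NOW_SUPPRESSED are the ones whose rendered output changes after the upgrade, so they are the ones to review.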