Comments (5)
Try this patch:
diff --git a/markdown.c b/markdown.c
index dc7deea..ad0ea62 100644
--- a/markdown.c
+++ b/markdown.c
@@ -938,7 +938,7 @@ compile_document(Line *ptr, MMIOT *f)
int eaten;
while ( ptr ) {
- if ( !(f->flags & DENY_HTML) && (tag = isopentag(ptr)) ) {
+ if ( (tag = isopentag(ptr)) && ((tag == &comment) || !(f->flags & DENY_H
/* If we encounter a html/style block, compile and save all
* of the cached source BEFORE processing the html/style.
*/
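Review bot: The `tag == &comment` exemption on the `+` line applies even when `DENY_HTML` is set, so callers that rely on that flag to keep all raw HTML out of the output will now have comment blocks passed through. Consider gating the exemption behind its own opt-in flag instead of changing what `DENY_HTML` means. The reordered condition also calls `isopentag(ptr)` on every line regardless of the flag, and the block comment that follows ("If we encounter a html/style block") should say that comments take this path even under `DENY_HTML`.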
I may put it in, but right now I'm worried about security implications (are there flaws in my html block parser that would let someone sneak malign content into the code) and policy implications (some of the sites that use discount run it with -fnohtml, and may be annoyed if any raw html gets through, even if it's just a comment.)
I'll pentest it tomorrow, as I have to sleep right now. If it does turn out to have any security vulnerabilities, you can just strip the comments from output.
If I have to wrapper discount to strip comments, I would be better off not special-casing html comments in the first place.
I'm going to close this issue and query the userbase about whether breaking -fnohtml is a good exchange for always having html comments.
Upon further consideration there's already a way to pass comments in regular text,
thanks to the raw: pseudo-protocol.
The snippet
text and begin a comment end
generates
p>text and
without having to wait for any future enhancements to the code.
Oh, and it works right now, obviously, if discount is in an allow-html mode.
The example was supposed to be
[begin]: raw:<!--
[end]: raw:-->
text and [begin] a comment [end]