Bot releases are hidden (Show)
Published by ariabuckles almost 4 years ago
Fixes an exponentially backtracking regex DoS in the strikethrough rule ( #95 / #92 )
please update on npm with npm install simple-markdown@latest
Published by ariabuckles almost 5 years ago
Changes:
This release also changes a bit of the internal structure of things. If you run into any issues with that or the above, please file an issue or message me on twitter @ariabuckles.
Published by ariabuckles almost 5 years ago
Adds a typescript type definition file (simple-markdown.d.ts).
Published by ariabuckles almost 5 years ago
Fixes an exponentially backtracking regex DoS (#73)
Published by ariabuckles about 5 years ago
Adds a new state.prevCapture
during parsing, so that match functions can use it instead of the third parameter to match()
. This state.prevCapture
is now an regex match object, the result of the last successful call to match, or null
if this is the first found match.
Unlike the previous third parameter to match()
, state.prevCapture
is not reset to empty during nested parse
traversals, giving you a more accurate view of the previous capture during nested parses (i.e. inside of block elements)
Published by ariabuckles about 5 years ago
Fixes #72 , where backticks inside inline code were sometimes removed.
Published by ariabuckles about 5 years ago
NOTE: v0.5.3 contains a bugfix on this release's change to inline code. I recommend using 0.5.3 instead
Fixes #71 and several other regex DDOS vulnerabilities.
Published by ariabuckles about 5 years ago
Fixes an issue where 0.5.0 would not uninstall from npm.
If you end up in this case, you can fix it by:
.git
folders in your simple-markdown dependencynpm install
Published by ariabuckles about 5 years ago
Fixes #63 an xss vulnerability in links with vbscript:
in their url
Published by ariabuckles about 5 years ago
PLEASE DO NOT USE. Use v0.5.1 instead, which fixes a bug that confuses npm, but is otherwise identical.
Fixes #68 and allows pipes to be escaped in tables.
Gets a minor version bump because it's a new feature / significant bug fix that could break existing code.
Published by ariabuckles over 5 years ago
Fixes #62
Published by ariabuckles about 6 years ago
0.4.2 is a bugfix release with the following changes:
25cc9b3dffe5bfab5fefc7ef0138101fb2567db5 : Export htmlTag() and reactElement(). Note: these should be considered experimental and the APIs are still subject to change in 1.0.
95d794f5eb4276ed0e16665433ea6e1a794f6116 : Fix escape sequences in italics/em rule/
09e55b4e4930e08a65715ed9493704ed65363384 : Fix escape sequences in bold/strong rule
The latter two have been things that have been bothering me for quite some time now >_<.
~Aria
Published by ariabuckles over 6 years ago
This release contains a lot of code changes, but the README isn't quite ready yet.
However, this release should address some issues users are seeing, and we can use this version as a dependency of other projects with fewer quirks.
Hoping to get the documentation and maybe a 1.0 soon.
Published by ariabuckles over 6 years ago
Fixes #48 ; see 3e926f5a1bdc3b2acb4549e423e9e27f2fbdd154 for more information.
Published by ariabuckles almost 7 years ago
This version includes better compatibility with react 16, thanks to @sophiebits and @sapegin, and some table parsing bugfixes, thanks to @dgca!
Other news: I'm working on some bigger changes for a potential 1.0!
Published by ariabuckles about 7 years ago
Bugfix for #31 (thanks @mgreer!), and a bugfix for link definitions ([1]: http://example.com "like this"
).
Published by ariabuckles about 7 years ago
Make rules at the same order compete with each other
This solves the em/strong interaction problem in a more general way,
allowing us to have, in general, rules that have the same tokens, and
have their precedence resolved by match quality (here longest match),
instead of requiring a forced precedence between them.
This change adds one new method to the rule API: quality
.
If present, quality must be a function that returns a number, indicating
the quality of the match/capture. This is used by bold/italics/u to
decide between which rule should capture a string that matches multiple
rules. If multuple rules are at the same order and have quality
functions, whichever rule's quality function returns the higher number
will win the match. If there are also rules at the same order without a
quality function, they will only win the match if none of the rule with
quality functions match.
Published by ariabuckles about 7 years ago
Fix an infinite loop/DoS vuln in the link rule
Makes the same modification from marked in this commit:
https://github.com/chjj/marked/commit/d53f20690fa141870bccab64b0d74dfe141462f7
Fixes issue #29
Published by ariabuckles over 8 years ago
Cleans up the em
regex a bit which should make it a tiny bit faster (and probably more importantly, makes the code work how it intends to, instead of by coincidence >_<). See 50b12c .
Published by ariabuckles over 8 years ago
This release adds simple-markdown.min.js.
simple-markdown has been pretty stable for a while now, so this will be 0.1.0 instead of 0.0.10.
There are no breaking changes in this release, despite the numbering scheme. Sorry :/