simple-markdown

Fixes an exponentially backtracking regex DoS in the strikethrough rule ( #95 / #92 )

please update on npm with npm install simple-markdown@latest

Changes:

• d26a2954 fixes flow types for the latest version of flow as of writing, 0.111.1
• #74 allows one level of balanced parenthesis in link targets without escaping those parenthesis

This release also changes a bit of the internal structure of things. If you run into any issues with that or the above, please file an issue or message me on twitter @ariabuckles.

Adds a typescript type definition file (simple-markdown.d.ts).

Fixes an exponentially backtracking regex DoS (#73)

Adds a new state.prevCapture during parsing, so that match functions can use it instead of the third parameter to match(). This state.prevCapture is now an regex match object, the result of the last successful call to match, or null if this is the first found match.

Unlike the previous third parameter to match(), state.prevCapture is not reset to empty during nested parse traversals, giving you a more accurate view of the previous capture during nested parses (i.e. inside of block elements)

Fixes #72 , where backticks inside inline code were sometimes removed.

NOTE: v0.5.3 contains a bugfix on this release's change to inline code. I recommend using 0.5.3 instead

Fixes #71 and several other regex DDOS vulnerabilities.

Fixes an issue where 0.5.0 would not uninstall from npm.

If you end up in this case, you can fix it by:

1. deleting your node modules
   • or just deleting any .git folders in your simple-markdown dependency
2. bumping your simple-markdown version to 0.5.1 or later
3. running npm install

Fixes #63 an xss vulnerability in links with vbscript: in their url

PLEASE DO NOT USE. Use v0.5.1 instead, which fixes a bug that confuses npm, but is otherwise identical.

Fixes #68 and allows pipes to be escaped in tables.

Gets a minor version bump because it's a new feature / significant bug fix that could break existing code.

Fixes #62

0.4.2 is a bugfix release with the following changes:

25cc9b3dffe5bfab5fefc7ef0138101fb2567db5 : Export htmlTag() and reactElement(). Note: these should be considered experimental and the APIs are still subject to change in 1.0.

95d794f5eb4276ed0e16665433ea6e1a794f6116 : Fix escape sequences in italics/em rule/

09e55b4e4930e08a65715ed9493704ed65363384 : Fix escape sequences in bold/strong rule

The latter two have been things that have been bothering me for quite some time now >_<.

~Aria

This release contains a lot of code changes, but the README isn't quite ready yet.

However, this release should address some issues users are seeing, and we can use this version as a dependency of other projects with fewer quirks.

Hoping to get the documentation and maybe a 1.0 soon.

Fixes #48 ; see 3e926f5a1bdc3b2acb4549e423e9e27f2fbdd154 for more information.

This version includes better compatibility with react 16, thanks to @sophiebits and @sapegin, and some table parsing bugfixes, thanks to @dgca!

Other news: I'm working on some bigger changes for a potential 1.0!

Bugfix for #31 (thanks @mgreer!), and a bugfix for link definitions ([1]: http://example.com "like this").

Make rules at the same order compete with each other

This solves the em/strong interaction problem in a more general way,
allowing us to have, in general, rules that have the same tokens, and
have their precedence resolved by match quality (here longest match),
instead of requiring a forced precedence between them.

This change adds one new method to the rule API: quality.

If present, quality must be a function that returns a number, indicating
the quality of the match/capture. This is used by bold/italics/u to
decide between which rule should capture a string that matches multiple
rules. If multuple rules are at the same order and have quality
functions, whichever rule's quality function returns the higher number
will win the match. If there are also rules at the same order without a
quality function, they will only win the match if none of the rule with
quality functions match.

Fix an infinite loop/DoS vuln in the link rule

Makes the same modification from marked in this commit:
https://github.com/chjj/marked/commit/d53f20690fa141870bccab64b0d74dfe141462f7

Fixes issue #29

Cleans up the em regex a bit which should make it a tiny bit faster (and probably more importantly, makes the code work how it intends to, instead of by coincidence >_<). See 50b12c .

This release adds simple-markdown.min.js.

simple-markdown has been pretty stable for a while now, so this will be 0.1.0 instead of 0.0.10.

There are no breaking changes in this release, despite the numbering scheme. Sorry :/