Add support for GFM tagfilter

author: Titus Wormer <tituswormer@gmail.com> 2022-09-01 12:18:43 +0200
committer: Titus Wormer <tituswormer@gmail.com> 2022-09-01 12:18:43 +0200
commit: 6fd5d61ed9b8cb66c13f44893d50025c9a87b217 (patch)
tree: dc471f61a8b4cec968a98ad61b3d4f14745d6c3b /src/lib.rs
parent: fa363dbba79f50001a22d1c90b8fb2009101d48c (diff)
download: markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.tar.gz
markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.tar.bz2
markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.zip
1 files changed, 47 insertions, 0 deletions
diff --git a/src/lib.rs b/src/lib.rs
index 0cf4f49..e3fdfcb 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -732,6 +732,52 @@ pub struct Options {
     /// ```
     pub gfm_strikethrough_single_tilde: bool,
 
+    /// Whether to support the GFM tagfilter, when `allow_dangerous_html` is on
+    /// (default: `false`).
+    ///
+    /// The tagfilter is kinda weird and kinda useless.
+    /// The tag filter is a naïve attempt at XSS protection.
+    /// You should use a proper HTML sanitizing algorithm.
+    ///
+    /// ## Examples
+    ///
+    /// ```
+    /// use micromark::{micromark_with_options, Options, Constructs};
+    ///
+    /// // With `allow_dangerous_html`, micromark passes HTML through untouched:
+    /// assert_eq!(
+    ///     micromark_with_options(
+    ///         "<iframe>",
+    ///         &Options {
+    ///             allow_dangerous_html: true,
+    ///             constructs: Constructs::gfm(),
+    ///             ..Options::default()
+    ///         }
+    ///     ),
+    ///     "<iframe>"
+    /// );
+    ///
+    /// // Pass `gfm_tagfilter: true` to make some of that safe:
+    /// assert_eq!(
+    ///     micromark_with_options(
+    ///         "<iframe>",
+    ///         &Options {
+    ///             allow_dangerous_html: true,
+    ///             constructs: Constructs::gfm(),
+    ///             gfm_tagfilter: true,
+    ///             ..Options::default()
+    ///         }
+    ///     ),
+    ///     "&lt;iframe>"
+    /// );
+    /// ```
+    ///
+    /// ## References
+    ///
+    /// *   [*§ 6.1 Disallowed Raw HTML (extension)* in GFM](https://github.github.com/gfm/#disallowed-raw-html-extension-)
+    /// *   [`cmark-gfm#extensions/tagfilter.c`](https://github.com/github/cmark-gfm/blob/master/extensions/tagfilter.c)
+    pub gfm_tagfilter: bool,
+
     /// Whether to support math (text) (if enabled in `constructs`) with a
     /// single dollar (default: `true`).
     ///
@@ -791,6 +837,7 @@ impl Default for Options {
             gfm_footnote_back_label: None,
             gfm_footnote_clobber_prefix: None,
             gfm_strikethrough_single_tilde: true,
+            gfm_tagfilter: false,
             math_text_single_dollar: true,
         }
     }
author	Titus Wormer <tituswormer@gmail.com>	2022-09-01 12:18:43 +0200
committer	Titus Wormer <tituswormer@gmail.com>	2022-09-01 12:18:43 +0200
commit	6fd5d61ed9b8cb66c13f44893d50025c9a87b217 (patch)
tree	dc471f61a8b4cec968a98ad61b3d4f14745d6c3b /src/lib.rs
parent	fa363dbba79f50001a22d1c90b8fb2009101d48c (diff)
download	markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.tar.gz markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.tar.bz2 markdown-rs-6fd5d61ed9b8cb66c13f44893d50025c9a87b217.zip