Fossil

Check-in [11064e46]

Overview
Comment: Added ABBR tag to the HTML whitelist, per forum post 3ae85115a82. Amended markdown help to refer to the safe-html setting.
SHA3-256: 11064e46929294e89cb1b50625e85350d7969f0cfece94a5bfebf40e10cadb97
User & Date: stephan 2022-05-23 18:21:35
Context
2022-05-23
21:25
Added missing AMSK_TITLE permissions for the ABBR tag and refactored the MARKUP_xyz macros into an enum to support the upcoming addition of a few more benign element types. ... (check-in: 81deb15c user: stephan tags: trunk)
18:21
Added ABBR tag to the HTML whitelist, per forum post 3ae85115a82. Amended markdown help to refer to the safe-html setting. ... (check-in: 11064e46 user: stephan tags: trunk)
2022-05-18
13:39
Fix a typo in an error message. ... (check-in: 3984c838 user: drh tags: trunk)
Changes

Changes to src/markdown.md.

> Character **^** is not part of a label, it is part of the syntax.
> Both a footnote's text and a fragment to which a footnote applies
> are subject to further interpretation as Markdown sources.

## Miscellaneous ##

> *   In-line images are made using **\!\[alt-text\]\(image-URL\)**.
> *   Use HTML for advanced formatting such as forms.

> *   **\<!--** HTML-style comments **-->** are supported.
> *   Escape special characters (ex: **\[** **\(** **\|** **\***)
>     using backslash (ex: **\\\[** **\\\(** **\\\|** **\\\***).
> *   A line consisting of **---**, **\*\*\***, or **\_\_\_** is a horizontal
>     rule.  Spaces and extra **-**/**\***/**_** are allowed.
> *   Paragraphs enclosed in **\<html\>...\</html\>** is passed through unchanged.
> *   See [daringfireball.net][] for additional information.







> Character **^** is not part of a label, it is part of the syntax.
> Both a footnote's text and a fragment to which a footnote applies
> are subject to further interpretation as Markdown sources.

## Miscellaneous ##

> *   In-line images are made using **\!\[alt-text\]\(image-URL\)**.
> *   Use HTML for advanced formatting such as forms, noting that certain
>     tags are [disallowed in some contexts](/help?cmd=safe-html).
> *   **\<!--** HTML-style comments **-->** are supported.
> *   Escape special characters (ex: **\[** **\(** **\|** **\***)
>     using backslash (ex: **\\\[** **\\\(** **\\\|** **\\\***).
> *   A line consisting of **---**, **\*\*\***, or **\_\_\_** is a horizontal
>     rule.  Spaces and extra **-**/**\***/**_** are allowed.
> *   Paragraphs enclosed in **\<html\>...\</html\>** is passed through unchanged.
> *   See [daringfireball.net][] for additional information.
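
Review bot: The new bullet under Miscellaneous says certain tags are disallowed in some contexts, but the unchanged bullet a few lines below still states that paragraphs enclosed in <html>...</html> are passed through unchanged, so a reader cannot tell whether the safe-html setting also filters that passthrough. Suggest stating explicitly, in one of the two bullets, whether <html> blocks are subject to the same restriction.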

Changes to src/wikiformat.c.


/*
** Allowed markup.
**
** Except for MARKUP_INVALID, this must all be in alphabetical order
** and in numerical sequence.  The first markup type must be zero.
** The value for MARKUP_XYZ must correspond to the <xyz> entry
** in aAllowedMarkup[].
*/
#define MARKUP_INVALID            0
#define MARKUP_A                  1

#define MARKUP_ADDRESS            2
#define MARKUP_HTML5_ARTICLE      3
#define MARKUP_HTML5_ASIDE        4
#define MARKUP_B                  5
#define MARKUP_BIG                6
#define MARKUP_BLOCKQUOTE         7
#define MARKUP_BR                 8
#define MARKUP_CENTER             9
#define MARKUP_CITE               10
#define MARKUP_CODE               11
#define MARKUP_COL                12
#define MARKUP_COLGROUP           13
#define MARKUP_DD                 14
#define MARKUP_DEL                15
#define MARKUP_DFN                16
#define MARKUP_DIV                17
#define MARKUP_DL                 18
#define MARKUP_DT                 19
#define MARKUP_EM                 20
#define MARKUP_FONT               21
#define MARKUP_HTML5_FOOTER       22
#define MARKUP_H1                 23
#define MARKUP_H2                 24
#define MARKUP_H3                 25
#define MARKUP_H4                 26
#define MARKUP_H5                 27
#define MARKUP_H6                 28
#define MARKUP_HTML5_HEADER       29
#define MARKUP_HR                 30
#define MARKUP_I                  31
#define MARKUP_IMG                32
#define MARKUP_INS                33
#define MARKUP_KBD                34
#define MARKUP_LI                 35
#define MARKUP_HTML5_NAV          36
#define MARKUP_NOBR               37
#define MARKUP_NOWIKI             38
#define MARKUP_OL                 39
#define MARKUP_P                  40
#define MARKUP_PRE                41
#define MARKUP_S                  42
#define MARKUP_SAMP               43
#define MARKUP_HTML5_SECTION      44
#define MARKUP_SMALL              45
#define MARKUP_SPAN               46
#define MARKUP_STRIKE             47
#define MARKUP_STRONG             48
#define MARKUP_SUB                49
#define MARKUP_SUP                50
#define MARKUP_TABLE              51
#define MARKUP_TBODY              52
#define MARKUP_TD                 53
#define MARKUP_TFOOT              54
#define MARKUP_TH                 55
#define MARKUP_THEAD              56
#define MARKUP_TITLE              57
#define MARKUP_TR                 58
#define MARKUP_TT                 59
#define MARKUP_U                  60
#define MARKUP_UL                 61
#define MARKUP_VAR                62
#define MARKUP_VERBATIM           63

/*
** The various markup is divided into the following types:
*/
#define MUTYPE_SINGLE      0x0001   /* <img>, <br>, or <hr> */
#define MUTYPE_BLOCK       0x0002   /* Forms a new paragraph. ex: <p>, <h2> */
#define MUTYPE_FONT        0x0004   /* Font changes. ex: <b>, <font>, <sub> */








/*
** Allowed markup.
**
** Except for MARKUP_INVALID, this must all be in alphabetical order
** and in numerical sequence.  The first markup type must be zero.
** The value for MARKUP_XYZ must correspond to the <xyz> entry
** in aMarkup[].
*/
#define MARKUP_INVALID            0
#define MARKUP_A                  1
#define MARKUP_ABBR               2
#define MARKUP_ADDRESS            3
#define MARKUP_HTML5_ARTICLE      4
#define MARKUP_HTML5_ASIDE        5
#define MARKUP_B                  6
#define MARKUP_BIG                7
#define MARKUP_BLOCKQUOTE         8
#define MARKUP_BR                 9
#define MARKUP_CENTER             10
#define MARKUP_CITE               11
#define MARKUP_CODE               12
#define MARKUP_COL                13
#define MARKUP_COLGROUP           14
#define MARKUP_DD                 15
#define MARKUP_DEL                16
#define MARKUP_DFN                17
#define MARKUP_DIV                18
#define MARKUP_DL                 19
#define MARKUP_DT                 20
#define MARKUP_EM                 21
#define MARKUP_FONT               22
#define MARKUP_HTML5_FOOTER       23
#define MARKUP_H1                 24
#define MARKUP_H2                 25
#define MARKUP_H3                 26
#define MARKUP_H4                 27
#define MARKUP_H5                 28
#define MARKUP_H6                 29
#define MARKUP_HTML5_HEADER       30
#define MARKUP_HR                 31
#define MARKUP_I                  32
#define MARKUP_IMG                33
#define MARKUP_INS                34
#define MARKUP_KBD                35
#define MARKUP_LI                 36
#define MARKUP_HTML5_NAV          37
#define MARKUP_NOBR               38
#define MARKUP_NOWIKI             39
#define MARKUP_OL                 40
#define MARKUP_P                  41
#define MARKUP_PRE                42
#define MARKUP_S                  43
#define MARKUP_SAMP               44
#define MARKUP_HTML5_SECTION      45
#define MARKUP_SMALL              46
#define MARKUP_SPAN               47
#define MARKUP_STRIKE             48
#define MARKUP_STRONG             49
#define MARKUP_SUB                50
#define MARKUP_SUP                51
#define MARKUP_TABLE              52
#define MARKUP_TBODY              53
#define MARKUP_TD                 54
#define MARKUP_TFOOT              55
#define MARKUP_TH                 56
#define MARKUP_THEAD              57
#define MARKUP_TITLE              58
#define MARKUP_TR                 59
#define MARKUP_TT                 60
#define MARKUP_U                  61
#define MARKUP_UL                 62
#define MARKUP_VAR                63
#define MARKUP_VERBATIM           64

/*
** The various markup is divided into the following types:
*/
#define MUTYPE_SINGLE      0x0001   /* <img>, <br>, or <hr> */
#define MUTYPE_BLOCK       0x0002   /* Forms a new paragraph. ex: <p>, <h2> */
#define MUTYPE_FONT        0x0004   /* Font changes. ex: <b>, <font>, <sub> */
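
Review bot: Inserting MARKUP_ABBR at 2 forces every define from MARKUP_ADDRESS through MARKUP_VERBATIM to be renumbered by hand, and the header comment's rule that each MARKUP_XYZ value must correspond to its entry in aMarkup[] is enforced only by convention. One missed or duplicated number would silently map a tag to the wrong whitelist entry and therefore to the wrong attribute mask. Suggest declaring these as an enum so the compiler assigns the values, or adding a check that each entry's code equals its index in aMarkup[]. The correction of the array name in the comment from aAllowedMarkup[] to aMarkup[] is a good catch.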


  short int iType;         /* The MUTYPE_* code */
  int allowedAttr;         /* Allowed attributes on this markup */
} aMarkup[] = {
 { 0,               MARKUP_INVALID,      0,                    0  },
 { "a",             MARKUP_A,            MUTYPE_HYPERLINK,
                    AMSK_HREF|AMSK_NAME|AMSK_CLASS|AMSK_TARGET|AMSK_STYLE|
                    AMSK_TITLE},


 { "address",       MARKUP_ADDRESS,      MUTYPE_BLOCK,         AMSK_STYLE },
 { "article",       MARKUP_HTML5_ARTICLE, MUTYPE_BLOCK,
                                            AMSK_ID|AMSK_CLASS|AMSK_STYLE },
 { "aside",         MARKUP_HTML5_ASIDE,  MUTYPE_BLOCK,
                                            AMSK_ID|AMSK_CLASS|AMSK_STYLE },

 { "b",             MARKUP_B,            MUTYPE_FONT,          AMSK_STYLE },







  short int iType;         /* The MUTYPE_* code */
  int allowedAttr;         /* Allowed attributes on this markup */
} aMarkup[] = {
 { 0,               MARKUP_INVALID,      0,                    0  },
 { "a",             MARKUP_A,            MUTYPE_HYPERLINK,
                    AMSK_HREF|AMSK_NAME|AMSK_CLASS|AMSK_TARGET|AMSK_STYLE|
                    AMSK_TITLE},
 { "abbr",          MARKUP_ABBR,         MUTYPE_FONT,
                    AMSK_ID|AMSK_CLASS|AMSK_STYLE },
 { "address",       MARKUP_ADDRESS,      MUTYPE_BLOCK,         AMSK_STYLE },
 { "article",       MARKUP_HTML5_ARTICLE, MUTYPE_BLOCK,
                                            AMSK_ID|AMSK_CLASS|AMSK_STYLE },
 { "aside",         MARKUP_HTML5_ASIDE,  MUTYPE_BLOCK,
                                            AMSK_ID|AMSK_CLASS|AMSK_STYLE },

 { "b",             MARKUP_B,            MUTYPE_FONT,          AMSK_STYLE },
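
Review bot: The new abbr entry permits only AMSK_ID|AMSK_CLASS|AMSK_STYLE, so a title attribute on <abbr> would be dropped by the whitelist, yet title is the attribute that carries the abbreviation's expansion. The a entry just above already lists AMSK_TITLE in its mask; suggest adding it to the abbr mask as well.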