[Pkg-javascript-commits] [Git][js-team/node-marked][upstream] New upstream version 4.0.17+ds+~4.0.3
Yadd (@yadd)
gitlab at salsa.debian.org
Thu Jun 30 10:18:36 BST 2022
Yadd pushed to branch upstream at Debian JavaScript Maintainers / node-marked
Commits:
1031b64d by Yadd at 2022-06-30T10:56:18+02:00
New upstream version 4.0.17+ds+~4.0.3
- - - - -
13 changed files:
- README.md
- docs/INDEX.md
- package-lock.json
- package.json
- src/Tokenizer.js
- + test/specs/new/fences_following_list.html
- + test/specs/new/fences_following_list.md
- + test/specs/new/fences_with_blankline_following_list_0.html
- + test/specs/new/fences_with_blankline_following_list_0.md
- + test/specs/new/fences_with_blankline_following_list_1.html
- + test/specs/new/fences_with_blankline_following_list_1.md
- + test/specs/new/heading_following_list.html
- + test/specs/new/heading_following_list.md
Changes:
=====================================
README.md
=====================================
@@ -37,9 +37,17 @@ Also read about:
## Installation
-**CLI:** `npm install -g marked`
+**CLI:**
-**In-browser:** `npm install marked`
+```sh
+npm install -g marked
+```
+
+**In-browser:**
+
+```sh
+npm install marked
+```
## Usage
=====================================
docs/INDEX.md
=====================================
@@ -25,7 +25,7 @@ These documentation pages are also rendered using marked 💯
<h2 id="usage">Usage</h2>
-### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. Please use a sanitize library, like [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [sanitize-html](https://github.com/apostrophecms/sanitize-html) or [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨
+### Warning: 🚨 Marked does not [sanitize](/using_advanced#options) the output HTML. If you are processing potentially unsafe strings, it's important to filter for possible XSS attacks. Some filtering options include [DOMPurify](https://github.com/cure53/DOMPurify) (recommended), [js-xss](https://github.com/leizongmin/js-xss), [sanitize-html](https://github.com/apostrophecms/sanitize-html) and [insane](https://github.com/bevacqua/insane) on the *output* HTML! 🚨
```
DOMPurify.sanitize(marked.parse(`<img src="x" onerror="alert('not happening')">`));
=====================================
package-lock.json
=====================================
The diff for this file was not included because it is too large.
=====================================
package.json
=====================================
@@ -2,7 +2,7 @@
"name": "marked",
"description": "A markdown parser built for speed",
"author": "Christopher Jeffrey",
- "version": "4.0.16",
+ "version": "4.0.17",
"type": "module",
"main": "./lib/marked.cjs",
"module": "./lib/marked.esm.js",
@@ -42,8 +42,8 @@
"html"
],
"devDependencies": {
- "@babel/core": "^7.17.10",
- "@babel/preset-env": "^7.17.10",
+ "@babel/core": "^7.18.2",
+ "@babel/preset-env": "^7.18.2",
"@markedjs/html-differ": "^4.0.2",
"@rollup/plugin-babel": "^5.3.1",
"@rollup/plugin-commonjs": "^22.0.0",
@@ -52,23 +52,23 @@
"@semantic-release/github": "^8.0.4",
"@semantic-release/npm": "^9.0.1",
"@semantic-release/release-notes-generator": "^10.0.3",
- "cheerio": "^1.0.0-rc.10",
+ "cheerio": "^1.0.0-rc.11",
"commonmark": "0.30.0",
- "eslint": "^8.15.0",
+ "eslint": "^8.17.0",
"eslint-config-standard": "^17.0.0",
"eslint-plugin-import": "^2.26.0",
- "eslint-plugin-n": "^15.2.0",
+ "eslint-plugin-n": "^15.2.1",
"eslint-plugin-promise": "^6.0.0",
"front-matter": "^4.0.2",
"highlight.js": "^11.5.1",
"jasmine": "^4.1.0",
"markdown-it": "13.0.1",
- "node-fetch": "^3.2.4",
- "rollup": "^2.73.0",
- "rollup-plugin-license": "^2.7.0",
- "semantic-release": "^19.0.2",
+ "node-fetch": "^3.2.5",
+ "rollup": "^2.75.5",
+ "rollup-plugin-license": "^2.8.0",
+ "semantic-release": "^19.0.3",
"titleize": "^3.0.0",
- "uglify-js": "^3.15.5",
+ "uglify-js": "^3.16.0",
"vuln-regex-detector": "^1.3.0"
},
"scripts": {
=====================================
src/Tokenizer.js
=====================================
@@ -226,6 +226,7 @@ export class Tokenizer {
if (!endEarly) {
const nextBulletRegex = new RegExp(`^ {0,${Math.min(3, indent - 1)}}(?:[*+-]|\\d{1,9}[.)])((?: [^\\n]*)?(?:\\n|$))`);
const hrRegex = new RegExp(`^ {0,${Math.min(3, indent - 1)}}((?:- *){3,}|(?:_ *){3,}|(?:\\* *){3,})(?:\\n+|$)`);
+ const fencesBeginRegex = new RegExp(`^( {0,${Math.min(3, indent - 1)}})(\`\`\`|~~~)`);
// Check if following lines should be included in List Item
while (src) {
@@ -237,6 +238,16 @@ export class Tokenizer {
line = line.replace(/^ {1,4}(?=( {4})*[^ ])/g, ' ');
}
+ // End list item if found code fences
+ if (fencesBeginRegex.test(line)) {
+ break;
+ }
+
+ // End list item if found start of new heading
+ if (this.rules.block.heading.test(line)) {
+ break;
+ }
+
// End list item if found start of new bullet
if (nextBulletRegex.test(line)) {
break;
=====================================
test/specs/new/fences_following_list.html
=====================================
@@ -0,0 +1,7 @@
+<ol>
+<li>abcd</li>
+</ol>
+<pre><code>if {
+
+}
+</code></pre>
=====================================
test/specs/new/fences_following_list.md
=====================================
@@ -0,0 +1,5 @@
+1. abcd
+```
+if {
+}
+```
=====================================
test/specs/new/fences_with_blankline_following_list_0.html
=====================================
@@ -0,0 +1,23 @@
+<ol>
+<li>code with blankline</li>
+</ol>
+<pre><code>if {
+
+}
+</code></pre>
+<ol start="2">
+<li>code and text</li>
+</ol>
+<pre><code>if {
+
+}
+</code></pre>
+<p>text after fenced code block.</p>
+<ol start="3">
+<li>tilde</li>
+</ol>
+<pre><code>if {
+
+
+}
+</code></pre>
=====================================
test/specs/new/fences_with_blankline_following_list_0.md
=====================================
@@ -0,0 +1,22 @@
+1. code with blankline
+```
+if {
+
+}
+```
+
+2. code and text
+```
+if {
+
+
+}
+```
+text after fenced code block.
+
+3. tilde
+~~~
+if {
+
+}
+~~~
=====================================
test/specs/new/fences_with_blankline_following_list_1.html
=====================================
@@ -0,0 +1,22 @@
+<ol>
+<li><p>code with blankline</p>
+<pre><code>if {
+
+}
+</code></pre>
+</li>
+<li><p>code and text</p>
+<pre><code>if {
+
+}
+</code></pre>
+<p>text after fenced code block.</p>
+</li>
+<li><p>tilde</p>
+<pre><code>if {
+
+
+}
+</code></pre>
+</li>
+</ol>
=====================================
test/specs/new/fences_with_blankline_following_list_1.md
=====================================
@@ -0,0 +1,23 @@
+1. code with blankline
+ ```
+ if {
+
+ }
+ ```
+
+2. code and text
+ ```
+ if {
+
+
+ }
+ ```
+ text after fenced code block.
+
+3. tilde
+ ~~~
+ if {
+
+ }
+ ~~~
+
=====================================
test/specs/new/heading_following_list.html
=====================================
@@ -0,0 +1,8 @@
+<h1 id="level1">level1</h1>
+<h2 id="level2">level2</h2>
+<h3 id="level3">level3</h3>
+<ul>
+ <li>foo=bar</li>
+ <li>foo2=bar2</li>
+</ul>
+<h3 id="level3-1">level3</h3>
=====================================
test/specs/new/heading_following_list.md
=====================================
@@ -0,0 +1,6 @@
+# level1
+## level2
+### level3
+- foo=bar
+- foo2=bar2
+### level3
View it on GitLab: https://salsa.debian.org/js-team/node-marked/-/commit/1031b64d80fa3b116b3cd8a452411ab63c2e1060
--
View it on GitLab: https://salsa.debian.org/js-team/node-marked/-/commit/1031b64d80fa3b116b3cd8a452411ab63c2e1060
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-commits/attachments/20220630/1b5c9e0b/attachment-0001.htm>
More information about the Pkg-javascript-commits
mailing list