diff options
author | Xavier Mendez <jmendeth@gmail.com> | 2014-04-09 13:46:30 +0200 |
---|---|---|
committer | Xavier Mendez <jmendeth@gmail.com> | 2014-04-09 13:46:30 +0200 |
commit | 9b29045c1118f818edf594001c312cc55c4561f3 (patch) | |
tree | a09d6173b5cd37d43ac105f2e0c2dcb092a4e183 | |
parent | 08b0f2c3c76098cb34146a20e0d6228d2a2ccf09 (diff) | |
parent | 238c4d57cce10d33b05cf52a91fc62a09f31ffbb (diff) | |
download | rust-hoedown-9b29045c1118f818edf594001c312cc55c4561f3.tar.gz |
Merge branch 'master' into small-fixes
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | README.md | 8 | ||||
-rw-r--r-- | src/document.c | 2 |
3 files changed, 9 insertions, 2 deletions
@@ -7,3 +7,4 @@ hoedown.exp hoedown.lib smartypants libhoedown.so* +.DS_Store @@ -32,10 +32,14 @@ Features `Hoedown` has been extensively security audited, and includes protection against all possible DOS attacks (stack overflows, out of memory situations, malformed - Markdown syntax...) and against client attacks through malicious embedded HTML. + Markdown syntax...). We've worked very hard to make `Hoedown` never leak or crash under *any* input. + **Warning**: `Hoedown` doesn't validate or post-process the HTML in Markdown documents. + Unless you use `HTML_ESCAPE` or `HTML_SKIP`, you should strongly consider using a + good post-processor in conjunction with Hoedown to prevent client-side attacks. + * **Customizable renderers** `Hoedown` is not stuck with XHTML output: the Markdown parser of the library @@ -95,4 +99,6 @@ Just typing `make` will build `Hoedown` into a dynamic library and create the `h and `smartypants` executables, which are command-line tools to render Markdown to HTML and perform SmartyPants, respectively. +If you are using [CocoaPods](http://cocoapods.org), just add the line `pod 'hoedown'` to your Podfile and call `pod install`. + Or, if you prefer, you can just throw the files at `src` into your project. diff --git a/src/document.c b/src/document.c index cb1b9ab..ec7e45d 100644 --- a/src/document.c +++ b/src/document.c @@ -1356,7 +1356,7 @@ is_codefence(uint8_t *data, size_t size, size_t *width, uint8_t *chr) } /* expects single line, checks if it's a codefence and extracts language */ -static int +static size_t parse_codefence(uint8_t *data, size_t size, hoedown_buffer *lang, size_t *width, uint8_t *chr) { size_t i, w, lang_start; |