From 8ab482af918f6b5c296dca80f0c67e924c06b5c2 Mon Sep 17 00:00:00 2001
From: Xavier Mendez <jmendeth@gmail.com>
Date: Thu, 17 Apr 2014 12:53:55 +0200
Subject: html: Remove SKIP_{STYLE,IMAGES,LINKS} flags (see #62)

Even with these flags active, injections and XSS are still easily possible.

Providing full attribute checking, HTML validation, ... is out of the
scope of Hoedown, therefore this "security" features only create
a false sense of security rather than actually providing it.
---
 bin/hoedown.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

(limited to 'bin')

diff --git a/bin/hoedown.c b/bin/hoedown.c
index c6b5bdc..49a22d9 100644
--- a/bin/hoedown.c
+++ b/bin/hoedown.c
@@ -74,14 +74,11 @@ static struct extension_info extensions_info[] = {
 
 static struct html_flag_info html_flags_info[] = {
 	{HOEDOWN_HTML_SKIP_HTML, "skip-html", "Strip all HTML tags."},
-	{HOEDOWN_HTML_SKIP_STYLE, "skip-style", "Strip <style> tags."},
-	{HOEDOWN_HTML_SKIP_IMAGES, "skip-images", "Don't render images."},
-	{HOEDOWN_HTML_SKIP_LINKS, "skip-links", "Don't render links."},
+	{HOEDOWN_HTML_ESCAPE, "escape", "Escape all HTML."},
 	{HOEDOWN_HTML_EXPAND_TABS, "expand-tabs", "Expand tabs to spaces."},
 	{HOEDOWN_HTML_SAFELINK, "safelink", "Only allow links to safe protocols."},
 	{HOEDOWN_HTML_HARD_WRAP, "hard-wrap", "Render each linebreak as <br>."},
 	{HOEDOWN_HTML_USE_XHTML, "xhtml", "Render XHTML."},
-	{HOEDOWN_HTML_ESCAPE, "escape", "Escape all HTML."},
 };
 
 static const char *category_prefix = "all-";
-- 
cgit v1.2.1