From f41e89807bebb83101004a640f17f1deee742345 Mon Sep 17 00:00:00 2001
From: Colin O'Dell
Date: Sat, 14 Sep 2024 06:39:27 -0400
Subject: [PATCH 1/6] Make the security warning more obvious
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c5cc592f98..9542d2453d 100644
--- a/README.md
+++ b/README.md
@@ -54,7 +54,8 @@ echo $converter->convert('# Hello World!');
 Please note that only UTF-8 and ASCII encodings are supported. If your Markdown uses a different encoding please convert it to UTF-8 before running it through this library.
-🔒 If you will be parsing untrusted input from users, please consider setting the `html_input` and `allow_unsafe_links` options per the example above. See for more details. If you also do choose to allow raw HTML input from untrusted users, consider using a library (like [HTML Purifier](https://github.com/ezyang/htmlpurifier)) to provide additional HTML filtering.
+> [!CAUTION]
+> If you will be parsing untrusted input from users, please consider setting the `html_input` and `allow_unsafe_links` options per the example above. See for more details. If you also do choose to allow raw HTML input from untrusted users, consider using a library (like [HTML Purifier](https://github.com/ezyang/htmlpurifier)) to provide additional HTML filtering.
 ## 📓 Documentation
From 43a76d8578b7e43dbc89eb1ca8a5b24d956514ac Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 23 Sep 2024 00:08:57 +0000
Subject: [PATCH 2/6] Update dependency jekyll to v4.3.4
---
 docs/Gemfile.lock | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/docs/Gemfile.lock b/docs/Gemfile.lock
index b204b957eb..b5a34e377d 100644
--- a/docs/Gemfile.lock
+++ b/docs/Gemfile.lock
@@ -1,10 +1,10 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.8.6) - public_suffix (>= 2.0.2, < 6.0) + addressable (2.8.7) + public_suffix (>= 2.0.2, < 7.0) colorator (1.1.0) - concurrent-ruby (1.2.2) + concurrent-ruby (1.2.3) em-websocket (0.5.3) eventmachine (>= 0.12.9) http_parser.rb (~> 0) @@ -37,7 +37,7 @@ GEM http_parser.rb (0.8.0) i18n (1.12.0) concurrent-ruby (~> 1.0) - jekyll (4.3.3) + jekyll (4.3.4) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) @@ -81,7 +81,8 @@ GEM rb-fsevent (0.11.2) rb-inotify (0.10.1) ffi (~> 1.0) - rexml (3.2.6) + rexml (3.2.9) + strscan rouge (3.30.0) ruby2_keywords (0.0.5) safe_yaml (1.0.5) @@ -90,6 +91,7 @@ GEM sawyer (0.9.2) addressable (>= 2.3.5) faraday (>= 0.17.3, < 3) + strscan (3.1.0) terminal-table (2.0.0) unicode-display_width (~> 1.1, >= 1.1.1) unicode-display_width (1.8.0)
From c1012711cab1987f766a8005f20c45f9eed22b77 Mon Sep 17 00:00:00 2001
From: Colin O'Dell
Date: Thu, 17 Oct 2024 14:31:27 -0400
Subject: [PATCH 3/6] Update credits
---
 README.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 9542d2453d..1cb85607e9 100644
--- a/README.md
+++ b/README.md
@@ -164,11 +164,13 @@ $ ./tests/benchmark/benchmark.php
 ## 👥 Credits & Acknowledgements
-- [Colin O'Dell][@colinodell]
-- [John MacFarlane][@jgm]
-- [All Contributors]
+This code was originally based on the [CommonMark JS reference implementation][commonmark.js] which is written, maintained, and copyrighted by [John MacFarlane]. This project simply wouldn't exist without his work.
-This code is partially based on the [CommonMark JS reference implementation][commonmark.js] which is written, maintained and copyrighted by [John MacFarlane]. This project simply wouldn't exist without his work.
+And a huge thanks to all of our amazing contributors:
+
+
+
+
 ### Sponsors
From 88d5fa948bb9e0fb4b68e177deeca8237f3c6d7e Mon Sep 17 00:00:00 2001
From: chillbram
Date: Tue, 3 Dec 2024 18:05:15 +0100
Subject: [PATCH 4/6] Remove redundant function call
---
 src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php b/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
index af0fdb17c7..f5f8c0bb69 100644
--- a/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
+++ b/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
@@ -44,7 +44,7 @@ public function getDelimiterUse(DelimiterInterface $opener, DelimiterInterface $
 return 0;
 }
- return \min($opener->getLength(), $closer->getLength());
+ return $opener->getLength();
 }
 public function process(AbstractStringContainer $opener, AbstractStringContainer $closer, int $delimiterUse): void
From 29e61319002bd20457011af47ee0d1bd4b7c6e69 Mon Sep 17 00:00:00 2001
From: chillbram
Date: Wed, 4 Dec 2024 14:12:51 +0100
Subject: [PATCH 5/6] Add explainer comment
---
 src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php b/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
index f5f8c0bb69..978e75a43f 100644
--- a/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
+++ b/src/Extension/Strikethrough/StrikethroughDelimiterProcessor.php
@@ -44,6 +44,7 @@ public function getDelimiterUse(DelimiterInterface $opener, DelimiterInterface $
 return 0;
 }
+ // $opener and $closer are the same length so we just return one of them
 return $opener->getLength();
 }
From c95ad24be5a668aceb52b0abedb83c0922e2d2b3 Mon Sep 17 00:00:00 2001
From: Colin O'Dell
Date: Sat, 7 Dec 2024 08:57:09 -0500
Subject: [PATCH 6/6] Ignore phpstan false positive
---
 src/Normalizer/SlugNormalizer.php | 1 +
 1 file changed, 1 insertion(+)
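Review bot: In PATCH 4/6, `return $opener->getLength();` matches the removed `\min(...)` only while the guard ending in `return 0;` just above rejects every opener/closer pair whose lengths differ, and that guard's condition lies outside the hunk, so it cannot be confirmed from here. The comment added in PATCH 5/6 states the invariant but not where it is enforced; if that is what the guard tests, I would word it as `// The check above returns 0 unless $opener and $closer have the same length, so either length is the delimiter use`. Neither patch touches a test, so a case with tilde runs of unequal length would pin the behaviour against a later edit to the guard, which matters for a parser that is fed untrusted Markdown.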
diff --git a/src/Normalizer/SlugNormalizer.php b/src/Normalizer/SlugNormalizer.php
index d41ea24c17..7cfb960e3c 100644
--- a/src/Normalizer/SlugNormalizer.php
+++ b/src/Normalizer/SlugNormalizer.php
@@ -51,6 +51,7 @@ public function normalize(string $text, array $context = []): string
 $slug = \mb_substr($slug, 0, $length, 'UTF-8');
 }
+ // @phpstan-ignore-next-line Because it thinks mb_substr() returns false on PHP 7.4
 return $slug;
 }
 }
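Review bot: The added `// @phpstan-ignore-next-line` silences every PHPStan finding on `return $slug;`, not only the `mb_substr()` false-return one named in the comment, so a later genuine type error on that line would go unreported. If the project's PHPStan version supports identifier-scoped ignores, `// @phpstan-ignore return.type` would keep the suppression limited to the return-type complaint. The body of `normalize()` starts outside the hunk, so how `$slug` is typed before the `mb_substr()` call cannot be checked from here.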