From b0290abb6774de8f6591f33fb5d467bd26921013 Mon Sep 17 00:00:00 2001 From: Clemens Gruber Date: Sat, 29 Mar 2014 17:15:58 +0100 Subject: [PATCH 1/4] Update README.md Add a note about installing hoedown via CocoaPods. --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 87fc7f3..37b451f 100644 --- a/README.md +++ b/README.md @@ -96,4 +96,6 @@ Just typing `make` will build `Hoedown` into a dynamic library and create the `h and `smartypants` executables, which are command-line tools to render Markdown to HTML and perform SmartyPants, respectively. +If you are using [CocoaPods](http://cocoapods.org), just add the line `pod 'hoedown'` to your Podfile and call `pod install`. + Or, if you prefer, you can just throw the files at `src` into your project. From 50564c5b9e3305efd84d193324dbbdcd9293a6be Mon Sep 17 00:00:00 2001 From: Clemens Gruber Date: Sat, 5 Apr 2014 17:11:37 +0200 Subject: [PATCH 2/4] Fix implicit conversion loss compiler warning in parse_codefence --- src/document.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/document.c b/src/document.c index 4569e21..78d5527 100644 --- a/src/document.c +++ b/src/document.c @@ -1356,7 +1356,7 @@ is_codefence(uint8_t *data, size_t size, size_t *width, uint8_t *chr) } /* expects single line, checks if it's a codefence and extracts language */ -static int +static size_t parse_codefence(uint8_t *data, size_t size, hoedown_buffer *lang, size_t *width, uint8_t *chr) { size_t i, w, lang_start; From b751c1708950292e96bd92e803a0db36b74f0b6b Mon Sep 17 00:00:00 2001 From: Clemens Gruber Date: Sun, 6 Apr 2014 22:18:08 +0200 Subject: [PATCH 3/4] Improve hoedowns gitignore file for Mac users. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index e885c6c..55a30d3 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ hoedown.exp hoedown.lib smartypants libhoedown.so* +.DS_Store 
From 238c4d57cce10d33b05cf52a91fc62a09f31ffbb Mon Sep 17 00:00:00 2001 From: Xavier Mendez Date: Mon, 7 Apr 2014 17:20:12 +0200 Subject: [PATCH 4/4] Talk about client-side attacks --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 37b451f..fe40f8b 100644 --- a/README.md +++ b/README.md @@ -32,11 +32,15 @@ Features `Hoedown` has been extensively security audited, and includes protection against all possible DOS attacks (stack overflows, out of memory situations, malformed - Markdown syntax...) and against client attacks through malicious embedded HTML. + Markdown syntax...). We've worked very hard to make `Hoedown` never crash or run out of memory under *any* input. + **Warning**: `Hoedown` doesn't validate or post-process the HTML in Markdown documents. + Unless you use `HTML_ESCAPE` or `HTML_SKIP`, you should strongly consider using a + good post-processor in conjunction with Hoedown to prevent client-side attacks. + * **Customizable renderers** `Hoedown` is not stuck with XHTML output: the Markdown parser of the library
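Review bot: in the README.md hunk of patch 1/4, the added line tells users to put `pod 'hoedown'` in the Podfile with no version constraint, so each install takes whatever release the pod resolves to at that moment. Consider showing a constrained form such as `pod 'hoedown', '~> x.y'` (with the current release filled in) and mentioning that `Podfile.lock` should be committed so builds are reproducible. The link also points at `http://cocoapods.org`; prefer the `https://` URL if the site serves it.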
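Review bot: in the src/document.c hunk of patch 2/4, the return type of `parse_codefence` becomes `size_t`, but the comment above it ("expects single line, checks if it's a codefence and extracts language") still does not say what the function returns. With an unsigned return type a failure can no longer be signalled by a negative value, so the comment should state the convention (which value means "not a code fence"). The call sites are not part of this hunk; please confirm that none of them stores the result in an `int` or tests it with `< 0`, otherwise the conversion warning only moves to the caller.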
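Review bot: in the README.md hunk of patch 4/4, the new warning names `HTML_ESCAPE` and `HTML_SKIP` without saying what they are or where they are passed, and "a good post-processor" gives the reader nothing concrete to act on. Spell out the full flag identifiers as they appear in the headers, and state what the post-processor has to do, for example sanitize the rendered HTML against an allowlist of tags and attributes before it reaches a browser. The warning also writes the project name once as `Hoedown` in backticks and once as plain "Hoedown"; pick one form to match the rest of the README.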