Standards compliant, fast, secure markdown processing library in C
Steve Wolter d2dde183ee Fix out-of-bounds memory access in tab expansion.
The loop performs two jobs: finding the first tabstop, and counting the number of
characters before it. To count the number of characters before the
tabstop, it counts all bytes that are not UTF-8 continuation bytes.
The current form of the loop doesn't check the first character, but
checks the character past the range's end. Since these are both
usually non-continuation characters, it does the right thing accidentally.
However, it accesses the character range at index `size`, which is
forbidden and might be uninitialized for strings that are not
null-terminated.
2014-12-01 12:35:43 +01:00
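
The loop described in the commit message above, as an added C example. It is not Hoedown's source: the function names and sample buffers are constructed here, and the first variant is only a reconstruction of the loop shape the message describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 10xxxxxx is a UTF-8 continuation byte: it does not start a new character. */
static int is_continuation(uint8_t b) { return (b & 0xC0) == 0x80; }

/* Loop shape the commit message describes: the index advances before the
 * byte is inspected, so line[0] is never examined and line[size] is read. */
size_t columns_before_tab_offbyone(const uint8_t *line, size_t size, size_t *tab_at)
{
    size_t i = 0, cols = 0;
    while (i < size && line[i] != '\t') {
        i++;
        if (!is_continuation(line[i])) /* reads line[size] once i == size */
            cols++;
    }
    *tab_at = i;
    return cols;
}

/* Corrected shape: inspect, then advance. Every read satisfies i < size. */
size_t columns_before_tab(const uint8_t *line, size_t size, size_t *tab_at)
{
    size_t i = 0, cols = 0;
    while (i < size && line[i] != '\t') {
        if (!is_continuation(line[i]))
            cols++;
        i++;
    }
    *tab_at = i;
    return cols;
}

int main(void)
{
    /* Constructed input: a 2-byte line "ab" inside a 3-byte buffer, so the
     * read at index `size` stays inside the array and is well defined here. */
    const uint8_t ascii_after[] = { 'a', 'b', 'Z' };
    const uint8_t cont_after[]  = { 'a', 'b', 0xA9 };
    size_t at;
    printf("off-by-one: %zu vs %zu columns\n",
           columns_before_tab_offbyone(ascii_after, 2, &at),
           columns_before_tab_offbyone(cont_after, 2, &at));
    printf("corrected:  %zu vs %zu columns\n",
           columns_before_tab(ascii_after, 2, &at),
           columns_before_tab(cont_after, 2, &at));
    return 0;
}
```

In the first variant the column count for the same two-byte line changes with a byte that is not part of the line; the corrected loop returns the same count for both buffers.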
bin bin-refactor: Make parse_options() consistent 2014-10-20 00:27:28 +02:00
src Fix out-of-bounds memory access in tab expansion. 2014-12-01 12:35:43 +01:00
test Fix issue #125: Don't escape HTML tags in tables of contents. 2014-12-01 12:35:14 +01:00
.editorconfig Add .editorconfig 2013-09-20 19:08:28 -05:00
.gitignore Revert .gitignore 2014-04-17 13:24:11 +02:00
.travis.yml Install tidy before running tests 2013-09-20 19:50:05 -05:00
hoedown.def More fixes 2014-09-03 10:39:33 +02:00
html_block_names.gperf Improvements to the gperf flow 2013-09-20 21:57:08 -05:00
LICENSE Update LICENSE 2014-11-03 20:42:30 -06:00
Makefile Release v3.0.0! 2014-11-04 19:18:32 +01:00
Makefile.win Make tests work on Windows 2014-10-22 13:12:03 +08:00
README.md Merge branch 'master' into small-fixes 2014-04-09 13:46:30 +02:00

Hoedown


Hoedown is a revived fork of Sundown, the Markdown parser based on the original code of the Upskirt library by Natacha Porté.

Features

  • Fully standards compliant

    Out of the box, Hoedown passes the official Markdown v1.0.0 and v1.0.3 test suites, and has been extensively tested with additional corner cases to make sure its output is as sane as possible at all times.

  • Massive extension support

    Hoedown has optional support for several (unofficial) Markdown extensions, such as non-strict emphasis, fenced code blocks, tables, autolinks, strikethrough and more.

  • UTF-8 aware

    Hoedown is fully UTF-8 aware, both when parsing the source document and when generating the resulting (X)HTML code.

  • Tested & ready to be used in production

    Hoedown has been extensively security audited, and includes protection against all possible DoS attacks (stack overflows, out-of-memory situations, malformed Markdown syntax...).

    We've worked very hard to make Hoedown never leak or crash under any input.

    Warning: Hoedown doesn't validate or post-process the HTML in Markdown documents. Unless you use `HTML_ESCAPE` or `HTML_SKIP`, you should strongly consider using a good post-processor in conjunction with Hoedown to prevent client-side attacks.

  • Customizable renderers

    Hoedown is not stuck with XHTML output: the Markdown parser of the library is decoupled from the renderer, so it's trivial to extend the library with custom renderers. A fully functional (X)HTML renderer is included.

  • Optimized for speed

    Hoedown is written in C, with a special emphasis on performance. When wrapped in a dynamic language such as Python or Ruby, it has been shown to be up to 40 times faster than other native alternatives.

  • Zero-dependency

    Hoedown is a zero-dependency library composed of some .c files and their headers. No dependencies, no bullshit. Only standard C99 that builds everywhere.

  • Additional features

    Hoedown comes with a fully functional implementation of SmartyPants, a separate autolinker, escaping utilities, buffers and stacks.

Bindings

You can see a community-maintained list of Hoedown bindings at the wiki. There is also a migration guide available for authors of Sundown bindings.

Help us

Hoedown is all about security. If you find a (potential) security vulnerability in the library, or a way to make it crash through malicious input, please report it to us by emailing the private Hoedown Security mailing list. The Hoedown security team will review the vulnerability and work with you to reproduce and resolve it.

Unicode character handling

Given that the Markdown spec makes no provision for Unicode character handling, Hoedown takes a conservative approach towards deciding which extended characters trigger Markdown features:

  • Punctuation characters beyond the U+007F codepoint (that is, outside the ASCII range) are not handled as punctuation. They are treated as normal, in-word characters for word-boundary checks.

  • Whitespace characters beyond the U+007F codepoint are not considered whitespace. They are treated as normal, in-word characters for word-boundary checks.

Install

Just typing `make` will build Hoedown into a dynamic library and create the `hoedown` and `smartypants` executables, which are command-line tools to render Markdown to HTML and perform SmartyPants, respectively.

If you are using CocoaPods, just add the line `pod 'hoedown'` to your Podfile and call `pod install`.

Or, if you prefer, you can just throw the files in `src` into your project.