Merge remote-tracking branch 'origin/main' into footnotes-extension

commonmark · Sep 6, 2024 · e170d31 · e170d31
2 parents ee7b710 + 591b452
commit e170d31
Show file tree

Hide file tree

Showing 11 changed files with 322 additions and 10 deletions.
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+wrapperVersion=3.3.2
+distributionType=only-script
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip
diff --git a/README.md b/README.md
@@ -36,7 +36,7 @@ Coordinates for core library (see all on [Maven Central]):
 <dependency>
     <groupId>org.commonmark</groupId>
     <artifactId>commonmark</artifactId>
-    <version>0.21.0</version>
+    <version>0.22.0</version>
 </dependency>
 ```
 
@@ -265,7 +265,7 @@ First, add an additional dependency (see [Maven Central] for others):
 <dependency>
     <groupId>org.commonmark</groupId>
     <artifactId>commonmark-ext-gfm-tables</artifactId>
-    <version>0.21.0</version>
+    <version>0.22.0</version>
 </dependency>
 ```
 

diff --git a/commonmark/src/main/java/org/commonmark/node/FencedCodeBlock.java b/commonmark/src/main/java/org/commonmark/node/FencedCodeBlock.java
@@ -67,7 +67,7 @@ public void setFenceIndent(int fenceIndent) {
     }
 
     /**
-     * @see <a href="http://spec.commonmark.org/0.18/#info-string">CommonMark spec</a>
+     * @see <a href="http://spec.commonmark.org/0.31.2/#info-string">CommonMark spec</a>
      */
     public String getInfo() {
         return info;

diff --git a/commonmark/src/main/java/org/commonmark/node/HtmlBlock.java b/commonmark/src/main/java/org/commonmark/node/HtmlBlock.java
@@ -3,7 +3,7 @@
 /**
  * HTML block
  *
- * @see <a href="http://spec.commonmark.org/0.18/#html-blocks">CommonMark Spec</a>
+ * @see <a href="http://spec.commonmark.org/0.31.2/#html-blocks">CommonMark Spec</a>
  */
 public class HtmlBlock extends Block {
 

diff --git a/commonmark/src/main/java/org/commonmark/node/HtmlInline.java b/commonmark/src/main/java/org/commonmark/node/HtmlInline.java
@@ -3,7 +3,7 @@
 /**
  * Inline HTML element.
  *
- * @see <a href="http://spec.commonmark.org/0.24/#raw-html">CommonMark Spec</a>
+ * @see <a href="http://spec.commonmark.org/0.31.2/#raw-html">CommonMark Spec</a>
  */
 public class HtmlInline extends Node {
 

diff --git a/commonmark/src/main/java/org/commonmark/node/Link.java b/commonmark/src/main/java/org/commonmark/node/Link.java
@@ -18,7 +18,7 @@
  * Note that the text in the link can contain inline formatting, so it could also contain an {@link Image} or
  * {@link Emphasis}, etc.
  *
- * @see <a href="http://spec.commonmark.org/0.26/#links">CommonMark Spec for links</a>
+ * @see <a href="http://spec.commonmark.org/0.31.2/#links">CommonMark Spec for links</a>
  */
 public class Link extends Node {
 

diff --git a/commonmark/src/main/java/org/commonmark/node/LinkReferenceDefinition.java b/commonmark/src/main/java/org/commonmark/node/LinkReferenceDefinition.java
@@ -9,7 +9,7 @@
  * They can be referenced anywhere else in the document to produce a link using <code>[foo]</code>. The definitions
  * themselves are usually not rendered in the final output.
  *
- * @see <a href="https://spec.commonmark.org/0.29/#link-reference-definition">Link reference definitions</a>
+ * @see <a href="https://spec.commonmark.org/0.31.2/#link-reference-definition">Link reference definitions</a>
  */
 public class LinkReferenceDefinition extends Block {
 

diff --git a/commonmark/src/main/java/org/commonmark/node/ListBlock.java b/commonmark/src/main/java/org/commonmark/node/ListBlock.java
@@ -6,7 +6,7 @@ public abstract class ListBlock extends Block {
 
     /**
      * @return whether this list is tight or loose
-     * @see <a href="https://spec.commonmark.org/0.28/#tight">CommonMark Spec for tight lists</a>
+     * @see <a href="https://spec.commonmark.org/0.31.2/#tight">CommonMark Spec for tight lists</a>
      */
     public boolean isTight() {
         return tight;

diff --git a/commonmark/src/main/java/org/commonmark/renderer/html/DefaultUrlSanitizer.java b/commonmark/src/main/java/org/commonmark/renderer/html/DefaultUrlSanitizer.java
@@ -4,15 +4,15 @@
 
 /**
  *
- * Allows http, https and mailto protocols for url.
+ * Allows http, https, mailto, and data protocols for url.
  * Also allows protocol relative urls, and relative urls.
  * Implementation based on https://github.com/OWASP/java-html-sanitizer/blob/f07e44b034a45d94d6fd010279073c38b6933072/src/main/java/org/owasp/html/FilterUrlByProtocolAttributePolicy.java
  */
 public class DefaultUrlSanitizer implements UrlSanitizer {
     private Set<String> protocols;
 
     public DefaultUrlSanitizer() {
-        this(List.of("http", "https", "mailto"));
+        this(List.of("http", "https", "mailto", "data"));
     }
 
     public DefaultUrlSanitizer(Collection<String> protocols) {

diff --git a/commonmark/src/test/java/org/commonmark/test/HtmlRendererTest.java b/commonmark/src/test/java/org/commonmark/test/HtmlRendererTest.java
@@ -93,13 +93,47 @@ public void sanitizedUrlsShouldSetRelNoFollow() {
         assertEquals("<p><a rel=\"nofollow\" href=\"https://google.com\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
     }
 
+    @Test
+    public void sanitizedUrlsShouldAllowSafeProtocols() {
+        Paragraph paragraph = new Paragraph();
+        Link link = new Link();
+        link.setDestination("http://google.com");
+        paragraph.appendChild(link);
+        assertEquals("<p><a rel=\"nofollow\" href=\"http://google.com\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
+
+        paragraph = new Paragraph();
+        link = new Link();
+        link.setDestination("https://google.com");
+        paragraph.appendChild(link);
+        assertEquals("<p><a rel=\"nofollow\" href=\"https://google.com\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
+
+        paragraph = new Paragraph();
+        link = new Link();
+        link.setDestination("mailto:[email protected]");
+        paragraph.appendChild(link);
+        assertEquals("<p><a rel=\"nofollow\" href=\"mailto:[email protected]\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
+
+        String image = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAAFiUAABYlAUlSJPAAAAAQSURBVBhXY/iPBVBf8P9/AG8TY51nJdgkAAAAAElFTkSuQmCC";
+        paragraph = new Paragraph();
+        link = new Link();
+        link.setDestination(image);
+        paragraph.appendChild(link);
+        assertEquals("<p><a rel=\"nofollow\" href=\"" + image + "\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
+    }
+
     @Test
     public void sanitizedUrlsShouldFilterDangerousProtocols() {
         Paragraph paragraph = new Paragraph();
         Link link = new Link();
         link.setDestination("javascript:alert(5);");
         paragraph.appendChild(link);
         assertEquals("<p><a rel=\"nofollow\" href=\"\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
+
+        paragraph = new Paragraph();
+        link = new Link();
+        link.setDestination("ftp://google.com");
+        paragraph.appendChild(link);
+        assertEquals("<p><a rel=\"nofollow\" href=\"\"></a></p>\n", sanitizeUrlsRenderer().render(paragraph));
     }
 
     @Test