bar
baz', 'foobar', 'c', true) 'foobar
baz' > Ox.highlight('foobaz
back`tick
'
> Ox.parseMarkdown('foo\n\nbar\n\nbaz')
'foobar\n\nbaz\n
'
> Ox.parseMarkdown('<http://example.com>
'
> Ox.parseMarkdown('[example](http://example.com "example.com")')
'example'
> Ox.parseMarkdown('[example](http://example.com?foo=bar&bar=baz)')
'example'
> Ox(Ox.parseMarkdown(''
+ code.trim().replace(/
'
);
return salt.join(array.length - 1);
}
)
.replace(
/(^|[^\\])(`+)([^\r]*?[^`])\2(?!`)/gm,
function(match, prev, backticks, code, next) {
array.push(
prev + ''
+ code.trim().replace(/'
);
return salt.join(array.length - 1);
}
)
.replace(
/(\*\*|__)(?=\S)([^\r]*?\S[*_]*)\1/g,
'$2'
)
.replace(
/(\*|_)(?=\S)([^\r]*?\S)\1/g,
'$2'
)
.replace(
/(\[((?:\[[^\]]*\]|[^\[\]])*)\]\([ \t]*()(.*?)>?[ \t]*((['"])(.*?)\6[ \t]*)?\))/g,
function(match, all, text, id, url, rest, quote, title) {
return '' + text + '';
}
)
.replace(
/<((https?|ftp|dict):[^'">\s]+)>/gi,
'$1'
)
.replace(
/<(?:mailto:)?([-.\w]+\@[-a-z0-9]+(\.[-a-z0-9]+)*\.[a-z]+)>/gi,
function(match, mail) {
return Ox.encodeEmailAddress(mail);
}
)
.replace(/\n\n/g, '
')
.replace(
new RegExp(salt.join('(\\d+)'), 'g'),
function(match, index) {
return array[parseInt(index)];
}
);
};
/*@
Ox.sanitizeHTML Takes untrusted HTML and returns something trustworthy
> Ox.sanitizeHTML('http://foo.com, ...')
'http://foo.com, ...'
> Ox.sanitizeHTML('http://foo.com/foo?bar&baz, ...')
'http://foo.com/foo?bar&baz, ...'
> Ox.sanitizeHTML('(see: www.foo.com)')
'(see: www.foo.com)'
> Ox.sanitizeHTML('foo@bar.com')
'foo@bar.com'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('http://www.foo.com/')
'http://www.foo.com/'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('foo')
'<a href="javascript:alert()">foo'
> Ox.sanitizeHTML('foo')
'<a href="foo">foo'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('[http://foo.com foo]')
'foo'
> Ox.sanitizeHTML('foo ')
'foo'
> Ox.sanitizeHTML('')
'<script>alert()</script>'
> Ox.sanitizeHTML('\'foo\' < \'bar\' && "foo" > "bar"')
'\'foo\' < \'bar\' && "foo" > "bar"'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('foo')
'foo'
> Ox.sanitizeHTML('&&')
'&&'
> Ox.sanitizeHTML('')
'<http://foo.com>'
@*/
Ox.sanitizeHTML = function(html, tags, replaceTags) {
var matches = [];
tags = tags || defaultTags;
replaceTags = replaceTags || {};
// html = Ox.clean(html); fixme: can this be a parameter?
if (tags.indexOf('[]') > -1) {
html = html.replace(
/\[((\/|https?:\/\/|mailto:).+?) (.+?)\]/gi,
'$3'
);
tags = tags.filter(function(tag) {
return tag != '[]';
});
}
tags.forEach(function(tag) {
var array = replaceTags[tag] || replace[tag] || replace['*'](tag);
Ox.forEach(array, function(value) {
html = html.replace(value[0], function() {
var match;
if (Ox.isFunction(value[1])) {
match = value[1].apply(null, arguments);
} else {
match = Ox.formatString(value[1], arguments);
}
matches.push(match);
return salt.join(matches.length - 1);
});
});
});
html = Ox.encodeHTMLEntities(Ox.decodeHTMLEntities(html));
matches.forEach(function(match, i) {
html = html.replace(new RegExp(salt.join(i)), match);
});
html = Ox.addLinks(html, true);
html = html.replace(/\n\n/g, '
');
// Close extra opening and remove extra closing tags.
// Note: this converts ''' to "'" and '"' to '"'
return Ox.normalizeHTML(html);
};
/*@
Ox.stripTags Strips HTML tags from a string
> Ox.stripTags('foo')
'foo'
@*/
Ox.stripTags = function(string) {
return string.replace(/<.*?>/g, '');
};
}());