commonmark - npm Package Compare versions

Comparing version 0.25.0 to 0.25.1

changelog.txt

@@ -0,1 +1,15 @@
+[0.25.1]
+
+  * Ensure that `advanceNextNonspace` resets `partiallyConsumedTab`.
+    This fixes a regression in which the first character after a tab
+    would sometimes be dropped.
+  * Added regression tests.
+  * XML renderer: escape attribute values (muji).
+  * Fix dingus vulnerability (muji).  Use an iframe and innerHTML to prevent
+    `<script>` tags from executing.
+  * Dingus:  let preview show when query has `text=`.  Previously we had
+    these URLs open the HTML pane first, but now that we have XSS protection
+    (the iframe), it should be okay to open the preview pane first.
+  * Dingus: don't print sourcepos attributes in HTML/AST view.
+
 [0.25.0]
@@ -2,0 +16,0 @@

lib/blocks.js

@@ -586,7 +586,14 @@ "use strict";
             charsToTab = 4 - (this.column % 4);
-            this.partiallyConsumedTab = columns && charsToTab > count;
-            charsToAdvance = charsToTab > count ? count : charsToTab;
-            this.column += charsToAdvance;
-            this.offset += this.partiallyConsumedTab ? 0 : 1;
-            count -= (columns ? charsToAdvance : 1);
+            if (columns) {
+                this.partiallyConsumedTab = charsToTab > count;
+                charsToAdvance = charsToTab > count ? count : charsToTab;
+                this.column += charsToAdvance;
+                this.offset += this.partiallyConsumedTab ? 0 : 1;
+                count -= (columns ? charsToAdvance : 1);
+            } else {
+                this.partiallyConsumedTab = false;
+                this.column += charsToTab;
+                this.offset += 1;
+                this.count -= 1;
+            }
         } else {
@@ -605,2 +612,3 @@ this.partiallyConsumedTab = false;
     this.column = this.nextNonspaceColumn;
+    this.partiallyConsumedTab = false;
 };
@@ -643,2 +651,4 @@
     this.column = 0;
+    this.blank = false;
+    this.partiallyConsumedTab = false;
     this.lineNumber += 1;
@@ -645,0 +655,0 @@

lib/index.js

@@ -14,3 +14,3 @@ "use strict";
 
-module.exports.version = '0.25.0';
+module.exports.version = '0.25.1';
 module.exports.Node = require('./node');
@@ -17,0 +17,0 @@ module.exports.Parser = require('./blocks');

lib/xml.js

@@ -12,3 +12,3 @@ "use strict";
         while ((attrib = attrs[i]) !== undefined) {
-            result += ' ' + attrib[0] + '="' + attrib[1] + '"';
+            result += ' ' + attrib[0] + '="' + escapeXml(attrib[1]) + '"';
             i++;
@@ -15,0 +15,0 @@ }

package.json

 { "name": "commonmark",
   "description": "a strongly specified, highly compatible variant of Markdown",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "homepage": "http://commonmark.org",
@@ -5,0 +5,0 @@ "keywords":

No alert changes

Improved metrics

Total package byte prevSize

430056

increased by0.34%

Lines of code

6439

increased by0.31%

No dependency changes