Bump Marked to v0.3.3 #1165
Closed
Bump Marked to v0.3.3 #1165
+2
−33
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Compressed with `uglifyjs lib/marked.js --comments="/Copyright/" --mangle --compress` Used Marked v0.3.3 as of markedjs/marked@2b5802f
|
Whoops, opened this against master instead of dev, one sec. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Compressed with
uglifyjs lib/marked.js --comments="/Copyright/" --mangle --compressUsed Marked v0.3.3 as of markedjs/marked@2b5802f
Mostly minor bugfixes and refactoring in the Marked changelog, though this revision does have working SmartyPants support (off by default), which makes my life easier in #1163.
It also closes an XSS vulnerability on IE < 10 when
sanitizeis set to true (it defaults to off)... actually, there are evidently a bunch of bugs in Marked, including other XSS's, as discussed by the NodeBB folks in NodeBB/nodebb-plugin-markdown#20They ultimately settled on remarkable as a replacement, which is much more actively maintained... and then the two primary authors of Remarkable forked it into markdown-it. Now there's bad blood. So this is all kind of a mess. Markdown-it looks good.
Probably worth updating Marked in the interim, since it's a noninvasive update, then moving to Markdown-it when you/I have time for more extensive testing.