Parser fix

[KostyaTretyak]

For now, parser not properly parsing this markdown:

Open angle bracket inline with link:

<<http://example.com>

With space: < <http://example.com>

With content: <1 <http://example.com>

Thanks to @thisgeek and #814, I've finalized this issue. This PR may also be included in the release #976

[Feder1co5oave]

Test 39 fails with this pull merged onto the current master 18deb8b:

#39. mangle_xss.sanatize.nomangle.text failed at offset 3. Near: "<p>&lt;<ahref="mailto:svg/onload=".


Got:
<p>&lt;<ahref="mailto:svg/onload=


Expected:
<p><ahref="mailto:&lt;svg/onload=

It looks to me that the new output is correct, because marked shouldn't eat the '<'. Let's hear @UziTech and @matt- since they took care of that XSS issue.
This fix looks overall correct to me.

[UziTech]

I agree with @Feder1co5oave

The first line in \test\tests\mangle_xss.sanatize.nomangle.html should be

<p>&lt;<a href="mailto:svg/onload=&quot;alert(1)&quot;//@x">svg/onload=&quot;alert(1)&quot;//@x</a></p>

@KostyaTretyak could you rebase with master and change that line so the tests pass?

[KostyaTretyak]

Hmm... I do not understand why this and other changes are shown, since at the moment it already exists in the master.

[Feder1co5oave]

You probably rebased (wrong?)

[UziTech]

It looks like you rebased onto 43fc870
instead of the latest commit.

Make sure you fetch the latest chjj/master branch before rebasing on it.

[KostyaTretyak]

Done.

[joshbruce]

LGTM!

[joshbruce]

ps. Having issues with the bench script, just me?

[Feder1co5oave]

What kind?
I've just run this:

$ node test --bench
marked completed in 13002ms.
marked (gfm) completed in 13562ms.
marked (pedantic) completed in 12634ms.
Could not bench robotskirt.
Could not bench showdown.
Could not bench markdown.js.

[joshbruce]

npm run bench per package.json

[Feder1co5oave]

Oh, it exited with code 1. Not sure why Il 05 gen 2018 4:24 AM, "Josh Bruce" <[email protected]> ha scritto:

…

npm run bench per package.json [image: screen shot 2018-01-04 at 10 24 07 pm] <https://user-images.githubusercontent.com/15252830/34594266-050692ca-f19e-11e7-8f54-6632e00c3550.png> — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#977 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AByGhHA0riVyUm3-ctBSr5dykoH6sqNVks5tHZX6gaJpZM4RLnZG> .

[joshbruce]

Yep. Definitely weird. Also curious why your benches are almost 10 seconds longer than mine...really want to establish some type of baseline expectation - otherwise, why even measure it. ;)

[Feder1co5oave]

Because I'm working on a steaming hot Celeron-powered machine, of course :b

[joshbruce]

Celeron!? I haven't heard the processor name since I worked at Office Depot's tech. department in like 2001. In fact, I think the first computer I ever bought myself was a 500mhz Celeron HP mini-tower.

Oh de memories. ::tear::

[Feder1co5oave]

Oh it's not that old, it's a 1.1GHZ Celeron M on a netbook. Just gives it a little advantage over any Atom.

[KostyaTretyak]

Issue with npm run bench because this is. Although I did not dig why it is.

[UziTech]

It is because the runBench function doesn't return anything (or returns undefined) so marked assumes that it failed.

When running node test --bench the exit code doesn't matter or get displayed but when running npm run bench npm does display it if it is non-zero.

We could just add return true; to the end of the runBench function

[Feder1co5oave]

Thx @UziTech