Merged r14812 (#6969)....
Jean-Philippe Lang -
r14454:1b8b03d7472c
@@ -1202,7 +1202,7 class RedCloth3 < String
1202 ALLOWED_TAGS = %w(redpre pre code notextile)
1202 ALLOWED_TAGS = %w(redpre pre code notextile)
1203
1203
1204 def escape_html_tags(text)
1204 def escape_html_tags(text)
1205 text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
1205 text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)?(>?)}) {|m| $2 && ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
1206 end
1206 end
1207 end
1207 end
1208
1208
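Review bot: In `escape_html_tags`, the allowed branch `"<#{$1}#{$3}"` emits everything captured by `[^<>\n]*` verbatim, so any attribute text on an allowed tag such as `pre` or `code` leaves this function unescaped; making group 1 optional does not change that. If no later stage of the formatter strips or whitelists attributes (none is visible in this hunk), allowed tags should be re-emitted with the tag name only, or with the remainder escaped. Separately, the added `$2 &&` guard is redundant, because `ALLOWED_TAGS.include?(nil)` is already false. A comment such as `# group 1 is optional so that a bare "<" is matched and escaped` would document the intent of the new `?` more directly.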
@@ -154,12 +154,19 EXPECTED
154 assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '')
154 assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '')
155 end
155 end
156
156
157 def test_escaping
157 def test_should_escape_unallowed_tags
158 assert_html_output(
158 assert_html_output(
159 'this is a <script>' => 'this is a &lt;script&gt;'
159 'this is a <script>' => 'this is a &lt;script&gt;'
160 )
160 )
161 end
161 end
162
162
163 def test_should_escape_less_than_signs
164 assert_html_output(
165 '<' => '&lt;',
166 '1 < 2' => '1 &lt; 2'
167 )
168 end
169
163 def test_use_of_backslashes_followed_by_numbers_in_headers
170 def test_use_of_backslashes_followed_by_numbers_in_headers
164 assert_html_output({
171 assert_html_output({
165 'h1. 2009\02\09' => '<h1>2009\02\09</h1>'
172 'h1. 2009\02\09' => '<h1>2009\02\09</h1>'
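Review bot: The new `test_should_escape_less_than_signs` covers only a lone `<`, but the regex change also affects input where a bare `<` is followed by a real tag. A case such as `'1 < <script>' => '1 &lt; &lt;script&gt;'` (expected value to be confirmed by running it) would show that a disallowed tag is still escaped after the early match. No case visible in this hunk checks that an allowed tag such as `<pre>` still passes through the rewritten pattern unchanged. `test_use_of_backslashes_followed_by_numbers_in_headers` continues outside the hunk.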