jro_apps/redmine Commit - r14454:1b8b03d7472c

Merged r14812 (#6969)....

Jean-Philippe Lang -

r14454:1b8b03d7472c

parent child

Context file:

r14454:1b8b03d7472c

lib/redcloth3.rb +1 -1

                 ALLOWED_TAGS = %w(redpre pre code notextile)
                 def escape_html_tags(text)
-                  text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
+                  text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)?(>?)}) {|m| $2 && ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
                 end
             end

test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb +8 -1

                 assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '')
               end
-              def test_escaping
+              def test_should_escape_unallowed_tags
                 assert_html_output(
                   'this is a <script>'      => 'this is a &lt;script&gt;'
                 )
               end
+              def test_should_escape_less_than_signs
+                assert_html_output(
+                  '<'                     => '&lt;',
+                  '1 < 2'                 => '1 &lt; 2'
+                )
+              end
               def test_use_of_backslashes_followed_by_numbers_in_headers
                 assert_html_output({
                   'h1. 2009\02\09'      => '<h1>2009\02\09</h1>'

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages