jro_apps/redmine Commit - r1388:7a969dafacf0

Escape HTML comment tags (#1160)....

Jean-Philippe Lang -

r1388:7a969dafacf0

parent child

Context file:

r1388:7a969dafacf0

lib/redcloth.rb +1 -1

                 ALLOWED_TAGS = %w(redpre pre code)
                 def escape_html_tags(text)
-                  text.gsub!(%r{<(\/?(\w+)[^>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' if $3}" }
+                  text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
                 end
             end

test/unit/helpers/application_helper_test.rb +2 0

                   "<pre>\nline 1\nline2</pre>" => "<pre>\nline 1\nline2</pre>",
                   "<pre><code>\nline 1\nline2</code></pre>" => "<pre><code>\nline 1\nline2</code></pre>",
                   "<pre><div>content</div></pre>" => "<pre>&lt;div&gt;content&lt;/div&gt;</pre>",
+                  "HTML comment: <!-- no comments -->" => "<p>HTML comment: &lt;!-- no comments --&gt;</p>",
+                  "<!-- opening comment" => "<p>&lt;!-- opening comment</p>"
                 }
                 to_test.each { |text, result| assert_equal result, textilizable(text) }
               end

General Comments 0

You need to be logged in to leave comments. Login now

No TODOs yet

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages