meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 15:01:14 +00:00
Code Issues Releases Wiki Activity

Fixed that less-than sign is not escaped by textile formatter (#6969).

Browse Source 
git-svn-id: http://svn.redmine.org/redmine/trunk@14812 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2015-11-07 10:20:57 +00:00
parent 495be400a1
commit c6283d7ce5
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/redcloth3.rb
View File

@ -1202,7 +1202,7 @@ class RedCloth3 < String
ALLOWED_TAGS = %w(redpre pre code notextile) ALLOWED_TAGS = %w(redpre pre code notextile)
def escape_html_tags(text) def escape_html_tags(text)
text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" } text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)?(>?)}) {|m| $2 && ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
end end
end end

9
test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
View File

@ -160,12 +160,19 @@ EXPECTED
assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '') assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '')
end end
def test_escaping def test_should_escape_unallowed_tags
assert_html_output( assert_html_output(
'this is a <script>' => 'this is a &lt;script&gt;' 'this is a <script>' => 'this is a &lt;script&gt;'
) )
end end
def test_should_escape_less_than_signs
assert_html_output(
'<' => '&lt;',
'1 < 2' => '1 &lt; 2'
)
end
def test_use_of_backslashes_followed_by_numbers_in_headers def test_use_of_backslashes_followed_by_numbers_in_headers
assert_html_output({ assert_html_output({
'h1. 2009\02\09' => '<h1>2009\02\09</h1>' 'h1. 2009\02\09' => '<h1>2009\02\09</h1>'