paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

[localecho] Properly escape HTML in code blocks

Browse Source 
(imported from commit 11f7e4f440cdd3a2ef6debb10c3d5a07f4fd1a1a)
This commit is contained in:
Leo Franchi
2014-02-03 11:13:40 -05:00
parent 85381a62b9
commit bb21400732
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
static/js/echo.js
View File

@@ -453,6 +453,7 @@ $(function () {
fenced_code.set_stash_func(function (html) { fenced_code.set_stash_func(function (html) {
return marked.stashHtml(html, true); return marked.stashHtml(html, true);
}); });
fenced_code.set_escape_func(escape);
marked.setOptions({ marked.setOptions({
gfm: true, gfm: true,

10
static/js/fenced_code.js
View File

@@ -23,6 +23,10 @@ var stash_func = function (text) {
return text; return text;
}; };
var escape_func = function (text) {
return text;
};
function wrap_code(code) { function wrap_code(code) {
// Trim trailing \n until there's just one left // Trim trailing \n until there's just one left
// This mirrors how pygments handles code input // This mirrors how pygments handles code input
@@ -30,7 +34,7 @@ function wrap_code(code) {
while (code.length > 2 && code.substr(code.length - 2) === '\n\n') { while (code.length > 2 && code.substr(code.length - 2) === '\n\n') {
code = code.substring(0, code.length - 1); code = code.substring(0, code.length - 1);
} }
return '<div class="codehilite"><pre>' + code + '</pre></div>\n'; return '<div class="codehilite"><pre>' + escape_func(code) + '</pre></div>\n';
} }
function wrap_quote(text) { function wrap_quote(text) {
@@ -51,6 +55,10 @@ exports.set_stash_func = function (stash_handler) {
stash_func = stash_handler; stash_func = stash_handler;
}; };
exports.set_escape_func = function (escape) {
escape_func = escape;
};
exports.process_fenced_code = function (content) { exports.process_fenced_code = function (content) {
var input = content.split('\n'); var input = content.split('\n');
var output = []; var output = [];

12
zerver/fixtures/bugdown-data.json
View File

@@ -197,6 +197,18 @@
"input": ":smile:, :smile:; :smile:", "input": ":smile:, :smile:; :smile:",
"expected_output": "<p><img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\">, <img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\">; <img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\"></p>", "expected_output": "<p><img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\">, <img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\">; <img alt=\":smile:\" class=\"emoji\" src=\"static/third/gemoji/images/emoji/smile.png\" title=\":smile:\"></p>",
"bugdown_matches_marked": true "bugdown_matches_marked": true
},
{
"name": "safe_html",
"input": "<h1>stay normal</h1> thanks",
"expected_output": "<p>&lt;h1&gt;stay normal&lt;/h1&gt; thanks</p>",
"bugdown_matches_marked": true
},
{
"name": "safe_html_in_code",
"input": "~~~\n<h1>stay normal</h1>",
"expected_output": "<div class=\"codehilite\"><pre>&lt;h1&gt;stay normal&lt;/h1&gt;\n</pre></div>",
"bugdown_matches_marked": true
} }
], ],
"linkify_tests": [ "linkify_tests": [