Merge pull request #1865 from vikhyat/less-than-sanitization
Fix sanitization of smileys like <_< and <3.
commit
359a866458
|
@ -154,6 +154,7 @@ Discourse.Markdown = {
|
|||
**/
|
||||
sanitize: function(text) {
|
||||
if (!window.html_sanitize) return "";
|
||||
text = text.replace(/<([^A-Za-z\/]|$)/g, "<$1");
|
||||
return window.html_sanitize(text, Discourse.Markdown.urlAllowed, Discourse.Markdown.nameIdClassAllowed);
|
||||
},
|
||||
|
||||
|
|
|
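Review bot: The new `text.replace(...)` line in `sanitize` has no comment, and a reader has to work out why it is safe to rewrite raw input before `html_sanitize` sees it. I would add `// Escape any "<" that cannot open or close a tag (next char is not a letter or "/", or end of input), e.g. "<3" or "<_<"; this only escapes, it never produces markup.` above it. This page shows the replacement string as `"<$1"`, which would be a no-op; presumably the committed value is the entity form `"&lt;$1"` and the rendering decoded it, which is worth confirming against the raw file. The character class also matches `!` and `?`, so input such as `<!-- ... -->` now reaches the sanitizer already escaped and may be shown literally rather than dropped; whether that is intended cannot be told from this hunk.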
@ -332,6 +332,8 @@ test("sanitize", function() {
|
|||
equal(sanitize("<i class=\"fa-bug fa-spin\">bug</i>"), "<i>bug</i>");
|
||||
equal(sanitize("<div><script>alert('hi');</script></div>"), "<div></div>");
|
||||
equal(sanitize("<div><p class=\"funky\" wrong='1'>hello</p></div>"), "<div><p>hello</p></div>");
|
||||
equal(sanitize("<3 <3"), "<3 <3");
|
||||
equal(sanitize("<_<"), "<_<");
|
||||
cooked("hello<script>alert(42)</script>", "<p>hello</p>", "it sanitizes while cooking");
|
||||
|
||||
cooked("<a href='http://disneyland.disney.go.com/'>disney</a> <a href='http://reddit.com'>reddit</a>",
|
||||
|
|
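Review bot: The two added assertions cover only the harmless smiley inputs, so nothing pins that the new pre-escape leaves real tags for the sanitizer to strip or that the `|$` branch of the regex works. I would add a case with a trailing `<` at end of input and a mixed case that places a smiley next to a tag the existing tests already expect to be removed, e.g. `equal(sanitize("<3 <div><script>alert('hi');</script></div>"), "&lt;3 <div></div>");` (constructed example; confirm the expected string by running it). As displayed here the expected values are identical to the inputs, presumably because the page decoded `&lt;`, so the assertions should be checked in the raw file. The `test("sanitize", ...)` body begins before and continues past this hunk.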