From 9828a268b988b0b53266dc04de92b2bf5de805df Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Thu, 10 Jul 2014 09:17:04 +1000
Subject: [PATCH] Fix: whitelist regex for bbcode too wide

---
 app/assets/javascripts/discourse/lib/markdown.js | 2 +-
 spec/components/pretty_text_spec.rb              | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/app/assets/javascripts/discourse/lib/markdown.js b/app/assets/javascripts/discourse/lib/markdown.js
index f1ac20bde71..a3068fb148d 100644
--- a/app/assets/javascripts/discourse/lib/markdown.js
+++ b/app/assets/javascripts/discourse/lib/markdown.js
@@ -258,6 +258,6 @@ Discourse.Markdown.whiteListTag('span', 'bbcode-i');
 Discourse.Markdown.whiteListTag('span', 'bbcode-u');
 Discourse.Markdown.whiteListTag('span', 'bbcode-s');
 
-Discourse.Markdown.whiteListTag('span', 'class', /bbcode-size-\d+/);
+Discourse.Markdown.whiteListTag('span', 'class', /bbcode-size-\d+$/);
 
 Discourse.Markdown.whiteListIframe(/^(https?:)?\/\/www\.google\.com\/maps\/embed\?.+/i);
diff --git a/spec/components/pretty_text_spec.rb b/spec/components/pretty_text_spec.rb
index df9e2e15d50..c418a45b760 100644
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@@ -240,8 +240,12 @@ describe PrettyText do
     end
   end
 
-
   describe "markdown quirks" do
+
+    it "sanitizes spans" do
+      PrettyText.cook("<span class=\"-bbcode-size-0 fa fa-spin\">a</span>").should match_html "<p><span>a</span></p>"
+    end
+
     it "bolds stuff in parens" do
       PrettyText.cook("a \"**hello**\"").should match_html "<p>a &quot;<strong>hello</strong>&quot;</p>"
       PrettyText.cook("(**hello**)").should match_html "<p>(<strong>hello</strong>)</p>"