FIX: link starting with '[poll' should not break polls

Régis Hanol 2015-05-13 17:50:25 +02:00
parent 76a95e4aaf
commit b8005f0b1b
2 changed files with 10 additions and 2 deletions


@ -8,10 +8,10 @@
const WHITELISTED_ATTRIBUTES = ["type", "name", "min", "max", "step", "order", "color", "background", "status"]; const WHITELISTED_ATTRIBUTES = ["type", "name", "min", "max", "step", "order", "color", "background", "status"];
const WHITELISTED_STYLES = ["color", "background"]; const WHITELISTED_STYLES = ["color", "background"];
const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]=]+['\"]?", "g"); const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]]+['\"]?", "g");
Discourse.Dialect.replaceBlock({ Discourse.Dialect.replaceBlock({
start: /\[poll([^\]]*)\]([\s\S]*)/igm, start: /\[poll((?:\s+\w+=[^\s\]]+)*)\]([\s\S]*)/igm,
stop: /\[\/poll\]/igm, stop: /\[\/poll\]/igm,
emitter: function(blockContents, matches) { emitter: function(blockContents, matches) {
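Review bot: The value class in `ATTRIBUTES_REGEX` (`[^\\s\\]]+` in the second copy on that line, which appears to be the new side) accepts quote characters and `<`/`>` as part of an attribute value, so the surrounding `['\"]?` groups never delimit anything and the quotes are captured as part of the match. The new `start` pattern uses the same `[^\s\]]+` class, so any such value now passes both filters. The spec expects `data-poll-` attributes in the cooked HTML, which means the emitter must escape these values before writing them out; its body continues outside the hunk, so that cannot be confirmed here. Consider narrowing the class to `[^\\s\\]'\"<>]+`, or add a comment above the constant such as `// values are untrusted user input; they must be escaped before being written into data-poll-* attributes`.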


@ -57,6 +57,14 @@ describe PostsController do
expect(json["polls"]["<script>alert(xss)</script>"]).to be expect(json["polls"]["<script>alert(xss)</script>"]).to be
end end
it "also works whe there is a link starting with '[poll'" do
xhr :post, :create, { title: title, raw: "[Polls are awesome](/foobar)\n[poll]\n- A\n- B\n[/poll]" }
expect(response).to be_success
json = ::JSON.parse(response.body)
expect(json["cooked"]).to match("data-poll-")
expect(json["polls"]).to be
end
describe "edit window" do describe "edit window" do
describe "within the first 5 minutes" do describe "within the first 5 minutes" do
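Review bot: The new example only asserts that a poll was rendered, not that the `[Polls are awesome](/foobar)` link ahead of it survived, so a regression in which the poll matcher consumes the link text would still pass. Adding `expect(json["cooked"]).to match("Polls are awesome")` would pin that half of the fix. `expect(json["polls"]).to be` passes for any truthy value, including an empty hash, so `expect(json["polls"]).not_to be_empty` would be a stronger check if the response shape allows it. The description also has a typo: "whe" should be "when".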