Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Only wrap inline html tags in <p>

This commit is contained in:
Robin Ward 2013-10-18 15:20:27 -04:00
parent 715a6d177a
commit d7182d0b14
13 changed files with 23 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
app/assets/javascripts/discourse/dialects/html.js
View File

@ -1,8 +1,18 @@
/**
If a row begins with HTML tags, don't parse it.
**/
var blockTags = ['address', 'article', 'aside', 'audio', 'blockquote', 'canvas', 'dd', 'div',
'dl', 'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3',
'h4', 'h5', 'h6', 'header', 'hgroup', 'hr', 'noscript', 'ol', 'output',
'p', 'pre', 'section', 'table', 'tfoot', 'ul', 'video'];
Discourse.Dialect.registerBlock('html', function(block, next) {
if (block.match(/^<[^>]+\>/)) {
return [ block.toString() ];
var m = /^<([^>]+)\>/.exec(block);
if (m && m[1]) {
var tag = m[1].split(/\s/);
if (tag && tag[0] && blockTags.indexOf(tag[0]) !== -1) {
return [ block.toString() ];
}
}
});

2
spec/components/pretty_text_spec.rb
View File

@ -32,7 +32,7 @@ describe PrettyText do
end
it "should sanitize the html" do
PrettyText.cook("<script>alert(42)</script>").should match_html ""
PrettyText.cook("<script>alert(42)</script>").should match_html "<p></p>"
end
it 'should allow for @mentions to have punctuation' do

10
test/javascripts/components/markdown_test.js
View File

@ -56,6 +56,14 @@ test("Line Breaks", function() {
"it handles new lines correctly with [] options");
});
test("Paragraphs for HTML", function() {
cooked("<div>hello world</div>", "<div>hello world</div>", "it doesn't surround <div> with paragraphs");
cooked("<p>hello world</p>", "<p>hello world</p>", "it doesn't surround <p> with paragraphs");
cooked("<i>hello world</i>", "<p><i>hello world</i></p>", "it surrounds inline <i> html tags with paragraphs");
cooked("<b>hello world</b>", "<p><b>hello world</b></p>", "it surrounds inline <b> html tags with paragraphs");
});
test("Links", function() {
cooked("EvilTrout: http://eviltrout.com",
@ -300,7 +308,7 @@ test("sanitize", function() {
cooked("hello<script>alert(42)</script>", "<p>hello</p>", "it sanitizes while cooking");
cooked("<a href='http://disneyland.disney.go.com/'>disney</a> <a href='http://reddit.com'>reddit</a>",
"<a href=\"http://disneyland.disney.go.com/\">disney</a> <a href=\"http://reddit.com\">reddit</a>",
"<p><a href=\"http://disneyland.disney.go.com/\">disney</a> <a href=\"http://reddit.com\">reddit</a></p>",
"we can embed proper links");
});

5
test/javascripts/mdtest/fixtures/Amps and angle encoding.xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer escapes > as &gt; even though Markdown doesn't specify that.
-->
<p>AT&amp;T has an ampersand in their name.</p>
<p>AT&amp;T is another way to write it.</p>

7
test/javascripts/mdtest/fixtures/Backslash escapes.xhtml
View File

@ -1,10 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer escapes quotes " as &quot;
- Our sanitizer has not whitelisted attr attributes in `span`s
- Our sanitizer replaces backticks with &#x60; in code blocks
-->
<p>These should all get escaped:</p>
<p>Backslash: \</p>

5
test/javascripts/mdtest/fixtures/Blockquotes with code blocks.xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer escapes quotes " as &quot;
-->
<blockquote>
<p>Example:</p>

7
test/javascripts/mdtest/fixtures/Code Spans.xhtml
View File

@ -1,10 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer escapes quotes " as &quot;
- Our sanitizer has not whitelisted attr attributes in `span`s
- Our sanitizer replaces backticks with &#x60;
-->
<p><code>&lt;test a=&quot;</code> content of attribute <code>&quot;&gt;</code></p>
<p>Fix for backticks within HTML tag: <span>like this</span></p>

6
test/javascripts/mdtest/fixtures/Inline HTML (Advanced).xhtml
View File

@ -1,9 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer removes the style tag
- It removes id and classes.
-->
<p>Simple block on one line:</p>
<div>foo</div>

5
test/javascripts/mdtest/fixtures/Inline HTML (Simple).xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- It removes id and classes.
-->
<p>Here's a simple block:</p>
<div>

5
test/javascripts/mdtest/fixtures/Links, inline style.xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- Our HTML sanitizer puts &#39; in attributes
-->
<p>Just a <a href="/url/">URL</a>.</p>
<p><a href="/url/" title="title">URL and title</a>.</p>

5
test/javascripts/mdtest/fixtures/Markdown Documentation - Basics.xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- Sanitized elements and entities
-->
<h1>Markdown: Basics</h1>
<ul>

5
test/javascripts/mdtest/fixtures/Markdown Documentation - Syntax.xhtml
View File

@ -1,8 +1,3 @@
<!--
Changed for Discourse:
- Sanitized elements and entities
-->
<h1>Markdown: Syntax</h1>
<ul>

3
test/javascripts/mdtest/mdtest.js.erb
View File

@ -19,7 +19,6 @@ var md = function(input, expected, text) {
expectedNorm = normalize(expected),
same = (result === expected) || (resultNorm === expectedNorm);
if (same) {
ok(same, text);
} else {
@ -42,7 +41,7 @@ test("first", function(){
filename = Pathname.new(filename_no_ext)
text = File.read(f)
html = File.read("#{filename_no_ext}.xhtml").gsub(/\<\!\-\-(.*?)\-\-\>/m, '')
html = File.read("#{filename_no_ext}.xhtml");
result << "test(\"#{filename}\", function() { md(#{text.to_json}, #{html.to_json}, 'passes MDTest'); });\n"
end
result