FIX: Only wrap inline html tags in <p>

app/assets/javascripts/discourse/dialects/html.js

@@ -1,8 +1,18 @@
 /**
   If a row begins with HTML tags, don't parse it.
 **/
+var blockTags = ['address', 'article', 'aside', 'audio', 'blockquote', 'canvas', 'dd', 'div',
+                 'dl', 'fieldset', 'figcaption', 'figure', 'footer', 'form', 'h1', 'h2', 'h3',
+                 'h4', 'h5', 'h6', 'header', 'hgroup', 'hr', 'noscript', 'ol', 'output',
+                 'p', 'pre', 'section', 'table', 'tfoot', 'ul', 'video'];
+
 Discourse.Dialect.registerBlock('html', function(block, next) {
-  if (block.match(/^<[^>]+\>/)) {
+
-    return [ block.toString() ];
+  var m = /^<([^>]+)\>/.exec(block);
+  if (m && m[1]) {
+    var tag = m[1].split(/\s/);
+    if (tag && tag[0] && blockTags.indexOf(tag[0]) !== -1) {
+      return [ block.toString() ];
+    }
   }
 });

spec/components/pretty_text_spec.rb

@@ -32,7 +32,7 @@ describe PrettyText do
     end
 
     it "should sanitize the html" do
-      PrettyText.cook("<script>alert(42)</script>").should match_html ""
+      PrettyText.cook("<script>alert(42)</script>").should match_html "<p></p>"
     end
 
     it 'should allow for @mentions to have punctuation' do

test/javascripts/components/markdown_test.js

@@ -56,6 +56,14 @@ test("Line Breaks", function() {
          "it handles new lines correctly with [] options");
 });
 
+test("Paragraphs for HTML", function() {
+  cooked("<div>hello world</div>", "<div>hello world</div>", "it doesn't surround <div> with paragraphs");
+  cooked("<p>hello world</p>", "<p>hello world</p>", "it doesn't surround <p> with paragraphs");
+  cooked("<i>hello world</i>", "<p><i>hello world</i></p>", "it surrounds inline <i> html tags with paragraphs");
+  cooked("<b>hello world</b>", "<p><b>hello world</b></p>", "it surrounds inline <b> html tags with paragraphs");
+
+});
+
 test("Links", function() {
 
   cooked("EvilTrout: http://eviltrout.com",
@@ -300,7 +308,7 @@ test("sanitize", function() {
   cooked("hello<script>alert(42)</script>", "<p>hello</p>", "it sanitizes while cooking");
 
   cooked("<a href='http://disneyland.disney.go.com/'>disney</a> <a href='http://reddit.com'>reddit</a>",
-         "<a href=\"http://disneyland.disney.go.com/\">disney</a> <a href=\"http://reddit.com\">reddit</a>",
+         "<p><a href=\"http://disneyland.disney.go.com/\">disney</a> <a href=\"http://reddit.com\">reddit</a></p>",
          "we can embed proper links");
 
 });

test/javascripts/mdtest/fixtures/Amps and angle encoding.xhtml

@@ -1,8 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer escapes > as &gt; even though Markdown doesn't specify that.
--->
 <p>AT&amp;T has an ampersand in their name.</p>
 
 <p>AT&amp;T is another way to write it.</p>

test/javascripts/mdtest/fixtures/Backslash escapes.xhtml

@@ -1,10 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer escapes quotes " as &quot;
-	- Our sanitizer has not whitelisted attr attributes in `span`s
-	- Our sanitizer replaces backticks with &#x60; in code blocks
--->
 <p>These should all get escaped:</p>
 
 <p>Backslash: \</p>

test/javascripts/mdtest/fixtures/Blockquotes with code blocks.xhtml

@@ -1,8 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer escapes quotes " as &quot;
--->
 <blockquote>
   <p>Example:</p>
 

test/javascripts/mdtest/fixtures/Code Spans.xhtml

@@ -1,10 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer escapes quotes " as &quot;
-	- Our sanitizer has not whitelisted attr attributes in `span`s
-	- Our sanitizer replaces backticks with &#x60;
--->
 <p><code>&lt;test a=&quot;</code> content of attribute <code>&quot;&gt;</code></p>
 
 <p>Fix for backticks within HTML tag: <span>like this</span></p>

test/javascripts/mdtest/fixtures/Inline HTML (Advanced).xhtml

@@ -1,9 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer removes the style tag
-	- It removes id and classes.
--->
 <p>Simple block on one line:</p>
 
 <div>foo</div>

test/javascripts/mdtest/fixtures/Inline HTML (Simple).xhtml

@@ -1,8 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- It removes id and classes.
--->
 <p>Here's a simple block:</p>
 
 <div>

test/javascripts/mdtest/fixtures/Links, inline style.xhtml

@@ -1,8 +1,3 @@
-<!--
-	Changed for Discourse:
-
-	- Our HTML sanitizer puts &#39; in attributes
--->
 <p>Just a <a href="/url/">URL</a>.</p>
 
 <p><a href="/url/" title="title">URL and title</a>.</p>

test/javascripts/mdtest/fixtures/Markdown Documentation - Basics.xhtml

@@ -1,8 +1,3 @@
-<!--
-    Changed for Discourse:
-
-    - Sanitized elements and entities
--->
 <h1>Markdown: Basics</h1>
 
 <ul>

test/javascripts/mdtest/fixtures/Markdown Documentation - Syntax.xhtml

@@ -1,8 +1,3 @@
-<!--
-    Changed for Discourse:
-
-    - Sanitized elements and entities
--->
 <h1>Markdown: Syntax</h1>
 
 <ul>

test/javascripts/mdtest/mdtest.js.erb

@@ -19,7 +19,6 @@ var md = function(input, expected, text) {
       expectedNorm = normalize(expected),
       same = (result === expected) || (resultNorm === expectedNorm);
 
-
   if (same) {
     ok(same, text);
   } else {
@@ -42,7 +41,7 @@ test("first", function(){
       filename = Pathname.new(filename_no_ext)
 
       text = File.read(f)
-      html = File.read("#{filename_no_ext}.xhtml").gsub(/\<\!\-\-(.*?)\-\-\>/m, '')
+      html = File.read("#{filename_no_ext}.xhtml");
       result << "test(\"#{filename}\", function() { md(#{text.to_json}, #{html.to_json}, 'passes MDTest'); });\n"
     end
     result