Ox.sanitizeHTML: decode html entities before encoding html entities; Ox.parseMarkdown: encode '<' in code spans and code blocks

This commit is contained in:
rolux 2012-06-22 10:24:25 +02:00
parent ffe27a69d5
commit 8ccabb349e


@ -403,14 +403,15 @@
/\n```(.*)\n([^`]+)\n```/g,
function(match, classname, code) {
return '<pre><code'
+ (classname ? ' class="' + classname + '"' : '')
+ '>' + code.trim() + '\n</code></pre>';
+ (classname ? ' class="' + classname + '"' : '') + '>'
+ code.trim().replace(/</g, '&lt;') + '\n</code></pre>';
}
)
.replace(
/(^|[^\\])(`+)([^\r]*?[^`])\2(?!`)/gm,
function(match, prev, backticks, code, next) {
return prev + '<code>' + code.trim() + '</code>';
return prev + '<code>'
+ code.trim().replace(/</g, '&lt;') + '</code>';
}
)
.replace(
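Review bot: The `classname` captured by `(.*)` on the first line of the hunk is still interpolated into `class="..."` unescaped on the new line `+ (classname ? ' class="' + classname + '"' : '') + '>'`, so a fence opener such as ```` ```x" onmouseover="... ```` closes the attribute and injects markup even though `<` in the code body is now escaped; unless this output is always routed through Ox.sanitizeHTML afterwards (not visible here), restrict it, e.g. `' class="' + classname.replace(/[^\w-]/g, '') + '"'`. Escaping only `<` is also incomplete for display fidelity: `&` and `>` are left raw, so a code span containing `&amp;` or `&lt;` is decoded by the browser and the reader sees `&` or `<` instead of the literal source, and since the same replacement now appears in both callbacks it is worth one helper applied in both places, `.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;')` with `&` handled first. Both callbacks sit inside the parseMarkdown replace chain, which starts and ends outside the hunk.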
@ -489,7 +490,7 @@
});
});
});
html = Ox.encodeHTMLEntities(html);
html = Ox.encodeHTMLEntities(Ox.decodeHTMLEntities(html));
matches.forEach(function(match, i) {
html = html.replace(new RegExp(salt.join(i)), match);
});
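Review bot: The new `Ox.encodeHTMLEntities(Ox.decodeHTMLEntities(html))` makes the output's safety depend on two properties that neither the hunk nor the commit message states: decode must be single-pass, and encode must re-escape every `<`, `>`, `&` and quote that decoding can produce, including from numeric references like `&#60;` or `&#x3c;`; if encode covers fewer characters than decode can emit, the change turns previously inert text into live markup. A regression test pinning the round trip, e.g. that `&amp;lt;script&amp;gt;` and `&#60;script&#62;` both come back as text rather than a tag, would document the invariant. Since the salt placeholders are also inside `html` at this point, decode must leave whatever `salt.join(i)` produces untouched, or the restore on the following line silently stops matching. A one-line why-comment would help the next reader: `// decode first so already-encoded input is not double-encoded; encodeHTMLEntities must still escape everything decoding can yield`. The enclosing function starts before the hunk.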