Ox.sanitizeHTML: decode html entities before encoding html entities; Ox.parseMarkdown: encode '<' in code spans and code blocks

2012-06-22 10:24:25 +02:00 · 2012-06-22 10:24:25 +02:00 · 8ccabb349e
commit 8ccabb349e
parent ffe27a69d5
1 changed files with 5 additions and 4 deletions
--- a/source/Ox/js/HTML.js
+++ b/source/Ox/js/HTML.js
@ -403,14 +403,15 @@
                /\n```(.*)\n([^`]+)\n```/g,
                function(match, classname, code) {
                    return '<pre><code'
-                        + (classname ? ' class="' + classname + '"' : '')
-                        + '>' + code.trim() + '\n</code></pre>';
+                        + (classname ? ' class="' + classname + '"' : '') + '>'
+                        + code.trim().replace(/</g, '&lt;') + '\n</code></pre>';
                }
            )
            .replace(
                /(^|[^\\])(`+)([^\r]*?[^`])\2(?!`)/gm,
                function(match, prev, backticks, code, next) {
-                    return prev + '<code>' + code.trim() + '</code>';
+                    return prev + '<code>'
+                        + code.trim().replace(/</g, '&lt;') + '</code>';
            	}
            )
            .replace(
@ -489,7 +490,7 @@
                });
            });
        });
-        html = Ox.encodeHTMLEntities(html);
+        html = Ox.encodeHTMLEntities(Ox.decodeHTMLEntities(html));
        matches.forEach(function(match, i) {
            html = html.replace(new RegExp(salt.join(i)), match);
        });