Ox.sanitizeHTML: decode html entities before encoding html entities; Ox.parseMarkdown: encode '<' in code spans and code blocks

rolux 2012-06-22 10:24:25 +02:00
parent ffe27a69d5
commit 8ccabb349e


@ -403,14 +403,15 @@
/\n```(.*)\n([^`]+)\n```/g, /\n```(.*)\n([^`]+)\n```/g,
function(match, classname, code) { function(match, classname, code) {
return '<pre><code' return '<pre><code'
+ (classname ? ' class="' + classname + '"' : '') + (classname ? ' class="' + classname + '"' : '') + '>'
+ '>' + code.trim() + '\n</code></pre>'; + code.trim().replace(/</g, '&lt;') + '\n</code></pre>';
} }
) )
.replace( .replace(
/(^|[^\\])(`+)([^\r]*?[^`])\2(?!`)/gm, /(^|[^\\])(`+)([^\r]*?[^`])\2(?!`)/gm,
function(match, prev, backticks, code, next) { function(match, prev, backticks, code, next) {
return prev + '<code>' + code.trim() + '</code>'; return prev + '<code>'
+ code.trim().replace(/</g, '&lt;') + '</code>';
} }
) )
.replace( .replace(
@ -489,7 +490,7 @@
}); });
}); });
}); });
html = Ox.encodeHTMLEntities(html); html = Ox.encodeHTMLEntities(Ox.decodeHTMLEntities(html));
matches.forEach(function(match, i) { matches.forEach(function(match, i) {
html = html.replace(new RegExp(salt.join(i)), match); html = html.replace(new RegExp(salt.join(i)), match);
}); });
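Review bot: In the first hunk, the fenced-block replacer still concatenates `classname` into `' class="' + classname + '"'` unescaped, and `(.*)` accepts any character, so a double quote in the fence's info string ends the attribute and the remainder is emitted as markup; this matters wherever the result is not run through Ox.sanitizeHTML afterwards, which the page does not show. I would treat it like the body, for example `' class="' + Ox.encodeHTMLEntities(classname) + '"'` if that helper escapes `"` (not visible here), or only emit the attribute when `/^[\w-]+$/.test(classname)`. Both new `.replace(/</g, '&lt;')` calls also leave `&` alone, so an entity reference typed inside a code span or block is rendered decoded instead of literally; `code.trim().replace(/&/g, '&amp;').replace(/</g, '&lt;')` keeps code text verbatim. The two replacer callbacks are complete within the hunk, but the enclosing function and its `.replace` chain start and end outside it.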