deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Better

Browse source 
Put the "safe" XHTML sanitization in lib/santize.rb, rather than in lib/chunks/nowiki.rb.
D'oh!
This commit is contained in:
Jacques Distler 2008-12-01 10:29:46 -06:00
parent 758325923f
commit 513b2b16c1
3 changed files with 23 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/chunks/nowiki.rb
View file

@ -1,6 +1,5 @@
require 'chunks/chunk'
require 'sanitize'
require 'rexml/document'
# This chunks allows certain parts of a wiki page to be hidden from the
# rest of the rendering pipeline. It should be run at the beginning
@ -27,15 +26,7 @@ class NoWiki < Chunk::Abstract
def initialize(match_data, content)
super
begin
sanitized = sanitize_xhtml(match_data[1])
doc = REXML::Document.new("<div xmlns='http://www.w3.org/1999/xhtml'>#{sanitized}</div>")
sanitized = doc.to_s.gsub(/\A<div xmlns='http:\/\/www.w3.org\/1999\/xhtml'>(.*)<\/div>\Z/m, '\1')
rescue REXML::ParseException
sanitized = %{<pre class='markdown-html-error' style='border: solid 3px red; background-color: pink;'>HTML parse error:
#{sanitized.escapeHTML}</pre>}
end
@plain_text = @unmask_text = sanitized
@plain_text = @unmask_text = safe_sanitize_xhtml(match_data[1])
end
end