From 758325923f24dae5b0f03cc419b95d46a53fee28 Mon Sep 17 00:00:00 2001
From: Jacques Distler
Date: Sun, 30 Nov 2008 21:44:52 -0600
Subject: [PATCH] Fix another ill-Formedness hole

The html5lib sanitizer does not necessarily produce well-formed output. Take some "bad" input, wrap it in a tag and -- bingo! -- you get ill-formed output. Fixed. (Though, probably, one should fix the html5lib sanitizer, instead.)
---
 lib/chunks/nowiki.rb | 11 ++++++++++-
 test/unit/chunks/nowiki_test.rb | 6 ++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/lib/chunks/nowiki.rb b/lib/chunks/nowiki.rb
index 6d9641ef..f3cee86f 100644
--- a/lib/chunks/nowiki.rb
+++ b/lib/chunks/nowiki.rb
@@ -1,5 +1,6 @@
 require 'chunks/chunk'
 require 'sanitize'
+require 'rexml/document'
 
 # This chunks allows certain parts of a wiki page to be hidden from the
 # rest of the rendering pipeline. It should be run at the beginning
@@ -26,7 +27,15 @@ class NoWiki < Chunk::Abstract
 def initialize(match_data, content)
 super
- @plain_text = @unmask_text = sanitize_xhtml(match_data[1])
+ begin
+ sanitized = sanitize_xhtml(match_data[1])
+ doc = REXML::Document.new("
#{sanitized}
")
+ sanitized = doc.to_s.gsub(/\A
(.*)<\/div>\Z/m, '\1')
+ rescue REXML::ParseException
+ sanitized = %{
HTML parse error:
+#{sanitized.escapeHTML}
}
+ end
+ @plain_text = @unmask_text = sanitized
 end
 end

diff --git a/test/unit/chunks/nowiki_test.rb b/test/unit/chunks/nowiki_test.rb
index a8915ef3..8c068b63 100755
--- a/test/unit/chunks/nowiki_test.rb
+++ b/test/unit/chunks/nowiki_test.rb
@@ -24,4 +24,10 @@ class NoWikiTest < Test::Unit::TestCase
 )
 end
+ def test_sanitize_nowiki_ill_formed
+ match(NoWiki, "",
+ :plain_text => "
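Review bot: The `rescue REXML::ParseException` branch reads `sanitized`, but that variable is only bound once the first statement inside `begin`, `sanitized = sanitize_xhtml(match_data[1])`, has completed; if sanitize_xhtml itself ever raised a ParseException, the fallback would call `escapeHTML` on nil and fail with NoMethodError instead of producing the error message. Moving `sanitized = sanitize_xhtml(match_data[1])` above `begin` so the rescue covers only the REXML round-trip closes that gap. It is also worth confirming the rescue is wide enough: depending on the REXML version the project ships, some hostile-input conditions (its entity-expansion guard, for example) are reported as a plain RuntimeError rather than a ParseException, in which case such input would propagate out of `initialize` and abort rendering rather than degrade to the fallback. A short comment above `begin`, such as `# REXML round-trip guarantees the sanitizer output is well-formed; on failure the escaped source is shown instead`, would record why the sanitizer result is re-parsed at all.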
HTML parse error:\n<animateColor xlink:href='#foo'></animateColor>
" + ) + end + end
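Review bot: `test_sanitize_nowiki_ill_formed` pins only the rescue path; nothing exercises a well-formed nowiki body through the new REXML round-trip in nowiki.rb, even though `doc.to_s` there may serialize attributes, entities or empty elements differently from the sanitizer's own output. A companion case feeding a well-formed fragment and asserting `:plain_text` matches the sanitizer's output exactly would catch a regression on the common path, which the fallback test cannot.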