Fix another ill-Formedness hole
The html5lib sanitizer does not necessarily produce well-formed output. Take some "bad" input, wrap it in a <nowiki> tag and -- bingo! -- you get ill-formed output. Fixed. (Though, probably, one should fix the html5lib sanitizer, instead.)
This commit is contained in:
Jacques Distler
parent
af8157130a
commit
758325923f
|
|
@ -1,5 +1,6 @@
|
|||
require 'chunks/chunk'
|
||||
require 'sanitize'
|
||||
require 'rexml/document'
|
||||
|
||||
# This chunks allows certain parts of a wiki page to be hidden from the
|
||||
# rest of the rendering pipeline. It should be run at the beginning
|
||||
|
|
@ -26,7 +27,15 @@ class NoWiki < Chunk::Abstract
|
|||
|
||||
def initialize(match_data, content)
|
||||
super
|
||||
@plain_text = @unmask_text = sanitize_xhtml(match_data[1])
|
||||
begin
|
||||
sanitized = sanitize_xhtml(match_data[1])
|
||||
doc = REXML::Document.new("<div xmlns='http://www.w3.org/1999/xhtml'>#{sanitized}</div>")
|
||||
sanitized = doc.to_s.gsub(/\A<div xmlns='http:\/\/www.w3.org\/1999\/xhtml'>(.*)<\/div>\Z/m, '\1')
|
||||
rescue REXML::ParseException
|
||||
sanitized = %{<pre class='markdown-html-error' style='border: solid 3px red; background-color: pink;'>HTML parse error:
|
||||
#{sanitized.escapeHTML}</pre>}
|
||||
end
|
||||
@plain_text = @unmask_text = sanitized
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -24,4 +24,10 @@ class NoWikiTest < Test::Unit::TestCase
|
|||
)
|
||||
end
|
||||
|
||||
def test_sanitize_nowiki_ill_formed
|
||||
match(NoWiki, "<nowiki><animateColor xlink:href='#foo'/></nowiki>",
|
||||
:plain_text => "<pre class='markdown-html-error' style='border: solid 3px red; background-color: pink;'>HTML parse error:\n<animateColor xlink:href='#foo'></animateColor></pre>"
|
||||
)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in a new issue