From ca1e8de89c7af2917da7bb6f43fa0a9ec5eecffb Mon Sep 17 00:00:00 2001 From: Jacques Distler Date: Thu, 22 May 2008 02:46:45 -0500 Subject: [PATCH] Minor Cleanups Remove a no-longer-needed function. ' -> &39; Fix regexp for tag chunk. --- lib/chunks/category.rb | 2 +- lib/chunks/chunk.rb | 8 -------- lib/chunks/literal.rb | 2 +- lib/stringsupport.rb | 2 +- test/sanitizer.dat | 4 ++-- test/unit/page_renderer_test.rb | 2 +- 6 files changed, 6 insertions(+), 14 deletions(-) diff --git a/lib/chunks/category.rb b/lib/chunks/category.rb index 67987a4d..ee473ae0 100644 --- a/lib/chunks/category.rb +++ b/lib/chunks/category.rb @@ -18,7 +18,7 @@ class Category < Chunk::Abstract def initialize(match_data, content) super(match_data, content) @hidden = match_data[1] - @list = match_data[2].split(',').map { |c| c.to_s.is_utf8? ? html_escape(c.strip) : nil } + @list = match_data[2].split(',').map { |c| c.to_s.is_utf8? ? c.strip.escapeHTML : nil } @list.compact! @unmask_text = '' if @hidden diff --git a/lib/chunks/chunk.rb b/lib/chunks/chunk.rb index ee65cc77..9beb0e6c 100644 --- a/lib/chunks/chunk.rb +++ b/lib/chunks/chunk.rb @@ -78,14 +78,6 @@ module Chunk @content.delete_chunk(self) end - def html_escape(string) - string.gsub( /&/, "&" ). - gsub( //, ">" ). - gsub( /'/, "'" ). - gsub( /"/, """ ) - end - end end diff --git a/lib/chunks/literal.rb b/lib/chunks/literal.rb index 3927c31e..d27a1677 100644 --- a/lib/chunks/literal.rb +++ b/lib/chunks/literal.rb @@ -24,7 +24,7 @@ module Literal # A literal chunk that protects HTML tags from wiki rendering. class Tags < AbstractLiteral - TAGS_PATTERN = Regexp.new('<[a-zA-Z]+[^>]*?>', Regexp::MULTILINE) + TAGS_PATTERN = Regexp.new('<[-a-zA-Z]+[^>]*?>', Regexp::MULTILINE) def self.pattern() TAGS_PATTERN end end end diff --git a/lib/stringsupport.rb b/lib/stringsupport.rb index 4f88e689..09763788 100644 --- a/lib/stringsupport.rb +++ b/lib/stringsupport.rb 
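Review bot: `@list` in `Category#initialize` ends up holding strings that are already HTML-escaped, and nothing on the assignment says so. Code that renders the list has to know not to escape again and not to un-escape before output. A short comment above the line would cover it, e.g. `# @list holds HTML-escaped category names; emit as-is, do not re-escape`. With `html_escape` removed from chunk.rb in this same commit, the line also relies on `String#escapeHTML` being loaded wherever chunks are parsed, presumably from lib/stringsupport.rb, so the require is worth confirming. The body of `initialize` continues past the hunk.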
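Review bot: The widened character class in `TAGS_PATTERN` (lib/chunks/literal.rb) only adds matches that begin with a hyphen. The lazy `[^>]*?` that follows already consumed the rest of a hyphenated name under the old pattern, so that is the only difference. The new pattern therefore also classifies text such as `<->` as a tag to be protected from wiki rendering; how such a chunk is sanitised afterwards is not visible in this hunk. If the aim was hyphenated element names, requiring a letter first states that intent without admitting a leading hyphen: `TAGS_PATTERN = Regexp.new('<[a-zA-Z][-a-zA-Z0-9]*[^>]*?>', Regexp::MULTILINE)`. A test with a leading-hyphen input would pin the intended behaviour either way.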
@@ -2215,7 +2215,7 @@ class String self.gsub( /&/, "&" ). gsub( //, ">" ). - gsub(/'/, "'" ). + gsub(/'/, "'" ). gsub(/"/, """ ) end diff --git a/test/sanitizer.dat b/test/sanitizer.dat index 04d2d523..078becfa 100644 --- a/test/sanitizer.dat +++ b/test/sanitizer.dat @@ -3,14 +3,14 @@ "name": "IE_Comments", "input": "", "output": "", - "xhtml": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->" + "xhtml": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->" }, { "name": "IE_Comments_2", "input": "", "output": "<script>alert('XSS');</script>", - "xhtml": "<![if !IE 5]><script>alert('XSS');</script><![endif]>", + "xhtml": "<![if !IE 5]><script>alert('XSS');</script><![endif]>", "rexml": "Ill-formed XHTML!" }, diff --git a/test/unit/page_renderer_test.rb b/test/unit/page_renderer_test.rb index 67dd573b..35ac3f2c 100644 --- a/test/unit/page_renderer_test.rb +++ b/test/unit/page_renderer_test.rb @@ -356,7 +356,7 @@ class PageRendererTest < Test::Unit::TestCase def test_difficult_wiki_words @revision.content = "[[It's just awesome GUI!]]" - assert_equal "
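Review bot: The apostrophe line in `String#escapeHTML` (lib/stringsupport.rb) has no comment saying why that particular replacement is used. The replacement strings appear entity-decoded on this page, so the removed and added lines look identical here. Going by the subject line, the change presumably swaps a named apostrophe entity for a numeric reference. The named form is not defined in HTML 4, so the numeric one is the safer output for text that may be served as either HTML or XHTML. A comment on that line, e.g. `# numeric reference on purpose: the named apostrophe entity is XML-only`, would keep a later cleanup from reverting it. The method starts above the hunk.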

It's just awesome GUI!" + + assert_equal "

It's just awesome GUI!" + "?

", test_renderer(@revision).display_content end