deac/instiki
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Minor Cleanups

Browse source 
Remove a no-longer-needed function.
' -> &39;
Fix regexp for tag chunk.
This commit is contained in:
Jacques Distler 2008-05-22 02:46:45 -05:00
parent f6508de6dd
commit ca1e8de89c
6 changed files with 6 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/chunks/category.rb
View file

@ -18,7 +18,7 @@ class Category < Chunk::Abstract
def initialize(match_data, content) def initialize(match_data, content)
super(match_data, content) super(match_data, content)
@hidden = match_data[1] @hidden = match_data[1]
@list = match_data[2].split(',').map { |c| c.to_s.is_utf8? ? html_escape(c.strip) : nil } @list = match_data[2].split(',').map { |c| c.to_s.is_utf8? ? c.strip.escapeHTML : nil }
@list.compact! @list.compact!
@unmask_text = '' @unmask_text = ''
if @hidden if @hidden

8
lib/chunks/chunk.rb
View file

@ -78,14 +78,6 @@ module Chunk
@content.delete_chunk(self) @content.delete_chunk(self)
end end
def html_escape(string)
string.gsub( /&/, "&amp;" ).
gsub( /</, "&lt;" ).
gsub( />/, "&gt;" ).
gsub( /'/, "&#39;" ).
gsub( /"/, "&quot;" )
end
end end
end end

2
lib/chunks/literal.rb
View file

@ -24,7 +24,7 @@ module Literal
# A literal chunk that protects HTML tags from wiki rendering. # A literal chunk that protects HTML tags from wiki rendering.
class Tags < AbstractLiteral class Tags < AbstractLiteral
TAGS_PATTERN = Regexp.new('<[a-zA-Z]+[^>]*?>', Regexp::MULTILINE) TAGS_PATTERN = Regexp.new('<[-a-zA-Z]+[^>]*?>', Regexp::MULTILINE)
def self.pattern() TAGS_PATTERN end def self.pattern() TAGS_PATTERN end
end end
end end

2
lib/stringsupport.rb
View file

@ -2215,7 +2215,7 @@ class String
self.gsub( /&/, "&amp;" ). self.gsub( /&/, "&amp;" ).
gsub( /</, "&lt;" ). gsub( /</, "&lt;" ).
gsub( />/, "&gt;" ). gsub( />/, "&gt;" ).
gsub(/'/, "&apos;" ). gsub(/'/, "&#39;" ).
gsub(/"/, "&quot;" ) gsub(/"/, "&quot;" )
end end

4
test/sanitizer.dat
View file

@ -3,14 +3,14 @@
"name": "IE_Comments", "name": "IE_Comments",
"input": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->", "input": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->",
"output": "", "output": "",
"xhtml": "&lt;!--[if gte IE 4]&gt;&lt;script&gt;alert(&apos;XSS&apos;);&lt;/script&gt;&lt;![endif]--&gt;" "xhtml": "&lt;!--[if gte IE 4]&gt;&lt;script&gt;alert(&#39;XSS&#39;);&lt;/script&gt;&lt;![endif]--&gt;"
}, },
{ {
"name": "IE_Comments_2", "name": "IE_Comments_2",
"input": "<![if !IE 5]><script>alert('XSS');</script><![endif]>", "input": "<![if !IE 5]><script>alert('XSS');</script><![endif]>",
"output": "&lt;script&gt;alert('XSS');&lt;/script&gt;", "output": "&lt;script&gt;alert('XSS');&lt;/script&gt;",
"xhtml": "&lt;![if !IE 5]&gt;&lt;script&gt;alert(&apos;XSS&apos;);&lt;/script&gt;&lt;![endif]&gt;", "xhtml": "&lt;![if !IE 5]&gt;&lt;script&gt;alert(&#39;XSS&#39;);&lt;/script&gt;&lt;![endif]&gt;",
"rexml": "Ill-formed XHTML!" "rexml": "Ill-formed XHTML!"
}, },

2
test/unit/page_renderer_test.rb
View file

@ -356,7 +356,7 @@ class PageRendererTest < Test::Unit::TestCase
def test_difficult_wiki_words def test_difficult_wiki_words
@revision.content = "[[It's just awesome GUI!]]" @revision.content = "[[It's just awesome GUI!]]"
assert_equal "<p><span class='newWikiWord'>It&apos;s just awesome GUI!" + assert_equal "<p><span class='newWikiWord'>It&#39;s just awesome GUI!" +
"<a href='../show/It%27s+just+awesome+GUI%21'>?</a></span></p>", "<a href='../show/It%27s+just+awesome+GUI%21'>?</a></span></p>",
test_renderer(@revision).display_content test_renderer(@revision).display_content
end end