diff --git a/lib/sanitizer.rb b/lib/sanitizer.rb
index 031ee465..aa34b440 100644
--- a/lib/sanitizer.rb
+++ b/lib/sanitizer.rb
@@ -149,7 +149,7 @@ module Sanitizer end node.attributes.each do |attr,val| if String === val
- node.attributes[attr] = CGI.escapeHTML(CGI.unescapeHTML(val))
+ node.attributes[attr] = val.unescapeHTML.escapeHTML else node.attributes.delete attr end
diff --git a/lib/stringsupport.rb b/lib/stringsupport.rb
index b938dfef..4f88e689 100644
--- a/lib/stringsupport.rb
+++ b/lib/stringsupport.rb
@@ -2214,7 +2214,9 @@ class String def escapeHTML self.gsub( /&/, "&" ). gsub( //, ">" )
+ gsub( />/, ">" ).
+ gsub(/'/, "'" ).
+ gsub(/"/, """ ) end def unescapeHTML
@@ -2224,6 +2226,8 @@ class String when /\Aamp\z/ni then '&' when /\Agt\z/ni then '>' when /\Alt\z/ni then '<'
+ when /\Aquot\z/ni then '"'
+ when /\Aapos\z/ni then "'" when /\A#0*(\d+)\z/n then if Integer($1) < 256 Integer($1).chr
diff --git a/test/sanitizer.dat b/test/sanitizer.dat
index 2929ca9c..04d2d523 100644
--- a/test/sanitizer.dat
+++ b/test/sanitizer.dat
@@ -3,14 +3,14 @@ "name": "IE_Comments", "input": "", "output": "",
- "xhtml": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->"
+ "xhtml": "<!--[if gte IE 4]><script>alert('XSS');</script><![endif]-->" }, { "name": "IE_Comments_2", "input": "", "output": "<script>alert('XSS');</script>",
- "xhtml": "<![if !IE 5]><script>alert('XSS');</script><![endif]>",
+ "xhtml": "<![if !IE 5]><script>alert('XSS');</script><![endif]>", "rexml": "Ill-formed XHTML!" },
@@ -359,7 +359,7 @@ "name": "should_sanitize_script_tag_with_multiple_open_brackets", "input": "<", "output": "<<script>alert(\"XSS\");//<</script>",
- "xhtml": "<<script>alert(\"XSS\");//<</script>",
+ "xhtml": "<<script>alert("XSS");//<</script>", "rexml": "Ill-formed XHTML!" },
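Review bot: The new `val.unescapeHTML.escapeHTML` line makes attribute-value safety depend on the String extensions in lib/stringsupport.rb covering exactly the characters CGI.escapeHTML did (`&`, `<`, `>`, `"`, `'`); the commit adds the two quote substitutions there, but the `'` replacement is garbled in this view, and if it is `&apos;` rather than `&#39;` the output is no longer equivalent to the old CGI behaviour for HTML (non-XHTML) consumers. The visible numeric arm of unescapeHTML returns `Integer($1).chr` for code points below 256, so a reference such as `&#233;` becomes a raw non-UTF-8 byte; on Ruby 1.9+ substituting that into a value that already holds non-ASCII text can raise Encoding::CompatibilityError inside the sanitizer, which deserves a guard or a fixture now that this is the only escaping path. A short comment would also help the next reader, e.g. `# full unescape then single escape is the attribute-context XSS barrier; keep String#unescapeHTML and #escapeHTML symmetric`. The enclosing method starts and ends outside this hunk.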
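Review bot: The replacement strings on the three added `gsub` lines of escapeHTML are garbled in this view, so the single-quote case cannot be confirmed: if it emits `&apos;`, that entity is defined for XML/XHTML but not HTML 4, and parsers that do not decode it (older IE among them) leave the literal `&apos;` in a single-quoted attribute, which is not the safe termination the sanitizer relies on; `gsub(/'/, "&#39;")` is the portable form and matches what CGI.escapeHTML produced. The `&` substitution is correctly first in the chain so the entities introduced afterwards are not double-escaped; a one-line comment stating that ordering requirement, `# '&' must be replaced first or later entities get re-escaped`, would stop a future reorder. The surrounding `class String` continues outside this hunk.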
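Review bot: The two added `when` arms decode `&quot;` and `&apos;`, and the visible `\A#0*(\d+)\z` arm covers the decimal forms `&#34;`/`&#39;`, but no hexadecimal arm is visible in this hunk; if the rest of the `case` (outside the hunk) has none, `&#x22;` and `&#x27;` survive unescaping as literal text and the later escape turns them into `&amp;#x22;`, which is safe but asymmetric with the decimal path and worth a fixture in test/sanitizer.dat. The `/i` flag also accepts `&QUOT;` and `&Apos;`, which is the conservative direction for a sanitizer since over-decoding is followed by re-escaping, but that intent should be written down: `# entity names matched case-insensitively on purpose: decoding more is safe because callers re-escape`. The enclosing method and `case` start and end outside this hunk.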
@@ -375,7 +375,7 @@ "name": "should_sanitize_tag_broken_up_by_null", "input": "alert(\"XSS\")", "output": "<scr\ufffdipt>alert(\"XSS\")</scr\ufffdipt>",
- "xhtml": "<scr>alert(\"XSS\")</scr>",
+ "xhtml": "<scr>alert("XSS")</scr>", "rexml": "Ill-formed XHTML!" },
diff --git a/test/unit/page_renderer_test.rb b/test/unit/page_renderer_test.rb
index 041c0fae..67dd573b 100644
--- a/test/unit/page_renderer_test.rb
+++ b/test/unit/page_renderer_test.rb
@@ -101,6 +101,13 @@ class PageRendererTest < Test::Unit::TestCase %{

This is a code block:

\n\n
def a_method(arg)\n} +
         %{return ThatWay
\n\n

Nice!

}, code_block) + + assert_markup_parsed_as(%{

You then needed to edit (or create) a user.js file in} + + %{ your Mozilla profile, which read either (Mac OSX?)

\n\n
  user_pref("font.mat} +
+          %{hfont-family", "Math1,Math2,Math4,Symbol");
}, + %{You then needed to edit (or create) a user.js file in your Mozilla profile, whic} + + %{h read either (MacOSX)\n\n user_pref("font.mathfont-family", "Math1,Math2,Math4,Symbol");}) assert_markup_parsed_as( %{

[[test]]&shebang <script>alert("xss!");</script> *foo*

', + '

[[test]]&shebang <script>alert("xss!");</script> *foo*

', '[[test]]&shebang *foo*') end @@ -349,7 +356,7 @@ class PageRendererTest < Test::Unit::TestCase def test_difficult_wiki_words @revision.content = "[[It's just awesome GUI!]]" - assert_equal "

It's just awesome GUI!" + + assert_equal "

It's just awesome GUI!" + "?

", test_renderer(@revision).display_content end @@ -366,7 +373,7 @@ class PageRendererTest < Test::Unit::TestCase def test_nowiki_sanitization assert_markup_parsed_as('

This sentence contains a & b ' + - '<script>alert("XSS!");</script>. Do not touch!

', + '<script>alert("XSS!");</script>. Do not touch!

', 'This sentence contains a & b . Do not touch!') end