Escape HTML comment tags (#1160).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1403 e93f8b46-1217-0410-a6f0-8f06a7374b81

diff --git a/lib/redcloth.rb b/lib/redcloth.rb
index 7e0c718397713fecd339080137fe72f2f01ab9b2..7729ced469ab887d509d81a3a3ceab63c7c2d8b4 100644 (file)
--- a/lib/redcloth.rb
+++ b/lib/redcloth.rb
@@ -1134,7 +1134,7 @@ class RedCloth < String
     ALLOWED_TAGS = %w(redpre pre code)
     
     def escape_html_tags(text)
-      text.gsub!(%r{<(\/?(\w+)[^>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' if $3}" }
+      text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
     end
 end
 

diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index 182cd3aec57cd7f11db8095f23a1c6b3604d7f6e..e8b5883ce3830b88ef87aa5cc43237268d187c4f 100644 (file)
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -141,6 +141,8 @@ class ApplicationHelperTest < HelperTestCase
       "<pre>\nline 1\nline2</pre>" => "<pre>\nline 1\nline2</pre>",
       "<pre><code>\nline 1\nline2</code></pre>" => "<pre><code>\nline 1\nline2</code></pre>",
       "<pre><div>content</div></pre>" => "<pre>&lt;div&gt;content&lt;/div&gt;</pre>",
+      "HTML comment: <!-- no comments -->" => "<p>HTML comment: &lt;!-- no comments --&gt;</p>",
+      "<!-- opening comment" => "<p>&lt;!-- opening comment</p>"
     }
     to_test.each { |text, result| assert_equal result, textilizable(text) }
   end