From: Jean-Philippe Lang Date: Tue, 23 Dec 2008 17:05:38 +0000 (+0000) Subject: Escape textile titles and styles (#2377). X-Git-Tag: 0.9.0~857 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=7776b5b6659ee213c031fd1ed3f73d503af6541e;p=redmine.git Escape textile titles and styles (#2377). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@2170 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb
index fd56a8752..038522a89 100644
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -408,7 +408,7 @@ class RedCloth3 < String
 # [ /"(?=[#{PUNCT_Q}]*[\s#{PUNCT_NOQ}])/, '”' ], # double closing
 # [ /"/, '“' ], # double opening
 # [ /\b( )?\.{3}/, '\1…' ], # ellipsis
- [ /\b([A-Z][A-Z0-9]{2,})\b(?:[(]([^)]*)[)])/, '\1' ], # 3+ uppercase acronym
+ # [ /\b([A-Z][A-Z0-9]{2,})\b(?:[(]([^)]*)[)])/, '\1' ], # 3+ uppercase acronym
 # [ /(^|[^"][>\s])([A-Z][A-Z0-9 ]+[A-Z0-9])([^\2\3', :no_span_caps ], # 3+ uppercase caps
 # [ /(\.\s)?\s?--\s?/, '\1—' ], # em dash
 # [ /\s->\s/, ' → ' ], # right arrow
@@ -448,9 +448,12 @@ class RedCloth3 < String
 # Search and replace for Textile glyphs (quotes, dashes, other symbols)
 def pgl( text )
- GLYPHS.each do |re, resub, tog|
- next if tog and method( tog ).call
- text.gsub! re, resub
+ #GLYPHS.each do |re, resub, tog|
+ # next if tog and method( tog ).call
+ # text.gsub! re, resub
+ #end
+ text.gsub!(/\b([A-Z][A-Z0-9]{2,})\b(?:[(]([^)]*)[)])/) do |m|
+ "#{$1}"
 end
 end
@@ -467,7 +470,7 @@ class RedCloth3 < String
 style << "vertical-align:#{ v_align( $& ) };" if text =~ A_VLGN
 end
- style << "#{ $1 };" if not filter_styles and
+ style << "#{ htmlesc $1 };" if not filter_styles and
 text.sub!( /\{([^}]*)\}/, '' )
 lang = $1 if 
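Review bot: `pgl` now hard-codes the acronym pattern and no longer iterates `GLYPHS`, so within `pgl` the table is dead configuration: re-enabling any of its commented entries will change nothing, and the acronym regex now exists twice (the commented entry in the first hunk and this `gsub!`). I would delete the four commented-out loop lines instead of keeping them, and put a comment above the `gsub!` explaining the block form, e.g. `# Acronym titles are user text: build the tag in a block so the title can be HTML-escaped`. The block parameter `m` is never used and can be dropped, since the body reads the match through `$1`. As rendered on this page the block returns only `"#{$1}"`; the page appears to have lost the markup inside that string, so confirm in the real file that the second capture, `([^)]*)`, goes through `htmlesc` before it reaches the title attribute.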
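Review bot: Escaping the capture at `style << "#{ htmlesc $1 };"` stops the `{...}` text from breaking out of the style attribute, but the CSS itself is still whatever the author typed whenever `filter_styles` is off. HTML-escaping does not constrain the declarations, so properties that reposition or overlay content, or that fetch external resources, still pass through; the line deserves a comment saying so, e.g. `# htmlesc only prevents attribute breakout; the CSS is unvalidated unless filter_styles is set`. The enclosing method starts outside the hunk and the `lang = $1 if` statement that follows is cut off, so check whether that capture and the other values collected there are escaped before they are written into attributes. None of the test hunks shown on this page exercises the `{...}` style path, so a case with a double quote inside the braces would pin this fix alongside the title ones.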
@@ -810,7 +813,7 @@ class RedCloth3 < String
 end
 atts = pba( atts )
 atts = " href=\"#{ url }#{ slash }\"#{ atts }"
- atts << " title=\"#{ title }\"" if title
+ atts << " title=\"#{ htmlesc title }\"" if title
 atts = shelve( atts ) if atts
 external = (url =~ /^https?:\/\//) ? ' class="external"' : ''
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index b3bc8e40d..d2d1a1f19 100644
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -76,6 +76,15 @@ class ApplicationHelperTest < HelperTestCase
 to_test.each { |text, result| assert_equal "
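Review bot: The `href` built one line above the escaped title, `atts = " href=\"#{ url }#{ slash }\"#{ atts }"`, still interpolates `url` and `slash` without escaping. Whether a double quote can reach `url` depends on the link pattern, which is outside this hunk, so confirm it rather than assume it; if it can, the attribute breakout this commit closes for `title` stays open for `href`. I would escape there as well, e.g. `atts = " href=\"#{ htmlesc url }#{ slash }\"#{ atts }"`, after checking that `htmlesc` does not double-encode a URL that already carries `&amp;`. The `external` test on the last context line only selects a CSS class and does not limit which URL schemes are emitted, and its `^` anchors at a line start, not the string start, so `\A` would be the stricter choice. The enclosing method begins and ends outside the hunk.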

#{result}

", textilizable(text) } end + def test_acronyms + to_test = { + 'this is an acronym: GPL(General Public License)' => 'this is an acronym: GPL', + 'GPL(This is a double-quoted "title")' => 'GPL', + } + to_test.each { |text, result| assert_equal "

#{result}

", textilizable(text) } + + end + def test_attached_images to_test = { 'Inline image: !logo.gif!' => 'Inline image: This is a logo', @@ -90,6 +99,7 @@ class ApplicationHelperTest < HelperTestCase 'This is a "link":http://foo.bar' => 'This is a link', 'This is an intern "link":/foo/bar' => 'This is an intern link', '"link (Link title)":http://foo.bar' => 'link', + '"link (Link title with "double-quotes")":http://foo.bar' => 'link', "This is not a \"Link\":\n\nAnother paragraph" => "This is not a \"Link\":

\n\n\n\t

Another paragraph", # no multiline link text "This is a double quote \"on the first line\nand another on a second line\":test" => "This is a double quote \"on the first line
\nand another on a second line\":test"