Fixed that less-than sign is not escaped by textile formatter (#6969).

git-svn-id: http://svn.redmine.org/redmine/trunk@14812 e93f8b46-1217-0410-a6f0-8f06a7374b81

2 files changed, 9 insertions, 2 deletions

diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb
index f9c9054b8..20cccac5b 100644
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -1202,7 +1202,7 @@ class RedCloth3 < String
     ALLOWED_TAGS = %w(redpre pre code notextile)
     
     def escape_html_tags(text)
-      text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
+      text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)?(>?)}) {|m| $2 && ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
     end
 end
 
diff --git a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
index 65a91b20a..de0e5086e 100644
--- a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
@@ -160,12 +160,19 @@ EXPECTED
     assert_equal expected.gsub(%r{\s+}, ''), to_html(raw).gsub(%r{\s+}, '')
   end
 
-  def test_escaping
+  def test_should_escape_unallowed_tags
     assert_html_output(
       'this is a <script>'      => 'this is a &lt;script&gt;'
     )
   end
 
+  def test_should_escape_less_than_signs
+    assert_html_output(
+      '<'                     => '&lt;',
+      '1 < 2'                 => '1 &lt; 2'
+    )
+  end
+
   def test_use_of_backslashes_followed_by_numbers_in_headers
     assert_html_output({
       'h1. 2009\02\09'      => '<h1>2009\02\09</h1>'