diff options
author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-08 07:45:20 +0000 |
---|---|---|
committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2017-04-08 07:45:20 +0000 |
commit | ec59ffc8f31b5131224ed41e998b3aaa4d05057d (patch) | |
tree | 6d8d5472ff2d6c6b07d3f6b9ee2bc8a89bceb527 /lib/redcloth3.rb | |
parent | 2af7d986d9958428fd13639203fb7dc185d232d2 (diff) | |
download | redmine-ec59ffc8f31b5131224ed41e998b3aaa4d05057d.tar.gz redmine-ec59ffc8f31b5131224ed41e998b3aaa4d05057d.zip |
Merged r16500 to r16503 (#25503).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@16523 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib/redcloth3.rb')
-rw-r--r-- | lib/redcloth3.rb | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index 31051fa96..d0bd217d3 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -494,7 +494,15 @@ class RedCloth3 < String style << "text-align:#{ h_align( $& ) };" if text =~ A_HLGN cls, id = $1, $2 if cls =~ /^(.*?)#(.*)$/ - + + # add wiki-class- and wiki-id- to classes and ids to prevent setting of + # arbitrary classes and ids + cls = cls.split(/\s+/).map do |c| + c.starts_with?('wiki-class-') ? c : "wiki-class-#{c}" + end.join(' ') if cls + + id = id.starts_with?('wiki-id-') ? id : "wiki-id-#{id}" if id + atts = '' atts << " style=\"#{ style.join }\"" unless style.empty? atts << " class=\"#{ cls }\"" unless cls.to_s.empty? @@ -1097,7 +1105,7 @@ class RedCloth3 < String first.match(/<#{ OFFTAGS }([^>]*)>/) tag = $1 $2.to_s.match(/(class\=("[^"]+"|'[^']+'))/i) - tag << " #{$1}" if $1 + tag << " #{$1}" if $1 && tag == 'code' @pre_list << "<#{ tag }>#{ aftertag }" end elsif $1 and codepre > 0 @@ -1202,8 +1210,8 @@ class RedCloth3 < String end end - ALLOWED_TAGS = %w(redpre pre code notextile) + ALLOWED_TAGS = %w(redpre pre code kbd notextile) def escape_html_tags(text) text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "<#{$1}#{'>' unless $3.blank?}" } end |