authorJean-Philippe Lang <jp_lang@yahoo.fr>2017-04-08 07:45:20 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2017-04-08 07:45:20 +0000
commitec59ffc8f31b5131224ed41e998b3aaa4d05057d (patch)
tree6d8d5472ff2d6c6b07d3f6b9ee2bc8a89bceb527 /lib/redcloth3.rb
parent2af7d986d9958428fd13639203fb7dc185d232d2 (diff)
Merged r16500 to r16503 (#25503).
git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@16523 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'lib/redcloth3.rb')
-rw-r--r--lib/redcloth3.rb14
1 files changed, 11 insertions, 3 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb
index 31051fa96..d0bd217d3 100644
--- a/lib/redcloth3.rb
+++ b/lib/redcloth3.rb
@@ -494,7 +494,15 @@ class RedCloth3 < String
style << "text-align:#{ h_align( $& ) };" if text =~ A_HLGN
cls, id = $1, $2 if cls =~ /^(.*?)#(.*)$/
-
+
+ # add wiki-class- and wiki-id- to classes and ids to prevent setting of
+ # arbitrary classes and ids
+ cls = cls.split(/\s+/).map do |c|
+ c.starts_with?('wiki-class-') ? c : "wiki-class-#{c}"
+ end.join(' ') if cls
+
+ id = id.starts_with?('wiki-id-') ? id : "wiki-id-#{id}" if id
+
atts = ''
atts << " style=\"#{ style.join }\"" unless style.empty?
atts << " class=\"#{ cls }\"" unless cls.to_s.empty?
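Review bot: The guard `if id` on the new `id = ...` line is true for an empty string, so input ending in `#` (the context regex `/^(.*?)#(.*)$/` lets `(.*)` match nothing) becomes the bare value `wiki-id-`; likewise a class string with leading whitespace makes `split(/\s+/)` yield an empty first token and a bare `wiki-class-`. I would skip empties before prefixing, e.g. `cls.split.map do |c|` (no-argument `split` ignores leading whitespace) and `... if id && !id.empty?`. Only the start of the id is checked, so whitespace or other characters captured by `(.*)` still reach the attribute; if the earlier capture, which is outside this hunk, does not already restrict them, the id should be validated against a conservative pattern here. The comment could also state that tokens already carrying the prefix pass through unchanged, so stylesheets and scripts must not attach privileged behaviour to the `wiki-class-`/`wiki-id-` namespace. The enclosing method starts and ends outside the hunk.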
@@ -1097,7 +1105,7 @@ class RedCloth3 < String
first.match(/<#{ OFFTAGS }([^>]*)>/)
tag = $1
$2.to_s.match(/(class\=("[^"]+"|'[^']+'))/i)
- tag << " #{$1}" if $1
+ tag << " #{$1}" if $1 && tag == 'code'
@pre_list << "<#{ tag }>#{ aftertag }"
end
elsif $1 and codepre > 0
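Review bot: The class attribute kept for `code` is copied verbatim from the input (`$1` of the `class=...` match) and does not go through the `wiki-class-` prefixing that the first hunk introduces, so arbitrary class names can presumably still be placed on `<code>`. If that is intentional (the class looks like a language hint for highlighting, which is not visible here), a comment such as `# class is kept on <code> only; other off-tags lose their attributes` would record it, and the consumer of that value should be confirmed to accept only known names. The comparison `tag == 'code'` is case-sensitive while the class match uses `/i`; whether an upper-case tag name can reach this line depends on `OFFTAGS`, which is defined outside the hunk. The condition also relies on `$1` being overwritten by the second `match`, so naming the two match results would make it easier to audit. The enclosing method begins and ends outside the hunk.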
@@ -1202,8 +1210,8 @@ class RedCloth3 < String
end
end
- ALLOWED_TAGS = %w(redpre pre code notextile)
+ ALLOWED_TAGS = %w(redpre pre code kbd notextile)
def escape_html_tags(text)
text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "&lt;#{$1}#{'&gt;' unless $3.blank?}" }
end
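Review bot: In `escape_html_tags` the allowed branch re-emits `$1`, which includes everything matched by `[^<>\n]*` after the tag name, so every name in `ALLOWED_TAGS` (now including `kbd`) passes through this method with its attributes intact. Whether those attributes are removed later is not visible here; the second hunk suggests off-tags other than `code` lose them, but that only holds if `kbd` is also handled by that path, which should be confirmed and covered by a test. A comment above the constant saying the list must stay in step with the tags that path handles would help, and the array could be frozen: `ALLOWED_TAGS = %w(redpre pre code kbd notextile).freeze`.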