summaryrefslogtreecommitdiffstats
path: root/test
diff options
context:
space:
mode:
authorMarius Balteanu <marius.balteanu@zitec.com>2022-10-04 18:58:37 +0000
committerMarius Balteanu <marius.balteanu@zitec.com>2022-10-04 18:58:37 +0000
commitba635eace99f8552c3364d6b86b07043147c2dac (patch)
tree1b8157830f61c8c7925a895078e55804ba30c86d /test
parent0ab2bb8647a08b381ed2eb94f6763aa0ad71668f (diff)
downloadredmine-ba635eace99f8552c3364d6b86b07043147c2dac.tar.gz
redmine-ba635eace99f8552c3364d6b86b07043147c2dac.zip
Escape blockquote citation in textile formatting (#37751).
Patch by Jens Krämer. git-svn-id: https://svn.redmine.org/redmine/trunk@21894 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'test')
-rw-r--r--test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
index 30013b837..23f6d7538 100644
--- a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
@@ -751,6 +751,13 @@ class Redmine::WikiFormatting::TextileFormatterTest < ActionView::TestCase
assert_equal expected.gsub(%r{[\r\n\t]}, ''), to_html(text).gsub(%r{[\r\n\t]}, '')
end
+ def test_should_escape_bq_citations
+ assert_html_output({
+ %{bq.:http://x/"onmouseover="alert(document.domain) Hover me} =>
+ %{<blockquote cite="http://x/&quot;onmouseover=&quot;alert(document.domain)">\n\t\t<p>Hover me</p>\n\t</blockquote>}
+ }, false)
+ end
+
private
def assert_html_output(to_test, expect_paragraph = true)
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-29 15:35:36 +0000