summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/redmine/wiki_formatting/textile/formatter.rb7
-rw-r--r--test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb8
2 files changed, 12 insertions, 3 deletions
diff --git a/lib/redmine/wiki_formatting/textile/formatter.rb b/lib/redmine/wiki_formatting/textile/formatter.rb
index 4d4e4b240..2555479d4 100644
--- a/lib/redmine/wiki_formatting/textile/formatter.rb
+++ b/lib/redmine/wiki_formatting/textile/formatter.rb
@@ -120,9 +120,10 @@ module Redmine
## replace <pre> content
text.gsub!(/<redpre#(\d+)>/) do
content = @pre_list[$1.to_i]
- if content.match(/<code\s+class=["'](\w+)["']>\s?(.+)/m)
- language = $1
- text = $2
+ # This regex must match any data produced by RedCloth3#rip_offtags
+ if content.match(/<code\s+class=(?:"([^"]+)"|'([^']+)')>\s?(.*)/m)
+ language = $1 || $2
+ text = $3
if Redmine::SyntaxHighlighting.language_supported?(language)
content = "<code class=\"#{language} syntaxhl\">" +
Redmine::SyntaxHighlighting.highlight_by_language(text, language)
diff --git a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
index 8920a6ae9..59273d409 100644
--- a/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
+++ b/test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
@@ -536,9 +536,17 @@ STR
def test_should_not_allow_arbitrary_class_attribute_on_offtags
%w(code pre kbd).each do |tag|
assert_html_output({"<#{tag} class=\"foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+ assert_html_output({"<#{tag} class='foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+ assert_html_output({"<#{tag} class=\"ruby foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+ assert_html_output({"<#{tag} class='ruby foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
+ assert_html_output({"<#{tag} class=\"ruby \"foo\" bar\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
end
assert_html_output({"<notextile class=\"foo\">test</notextile>" => "test"}, false)
+ assert_html_output({"<notextile class='foo'>test</notextile>" => "test"}, false)
+ assert_html_output({"<notextile class=\"ruby foo\">test</notextile>" => "test"}, false)
+ assert_html_output({"<notextile class='ruby foo'>test</notextile>" => "test"}, false)
+ assert_html_output({"<notextile class=\"ruby \"foo\" bar\">test</notextile>" => "test"}, false)
end
def test_should_allow_valid_language_class_attribute_on_code_tags
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-11 14:02:51 +0000
"p">, "description": "Vaadin components is an evolving set of open sourced custom HTML elements for building mobile and desktop web applications in modern browsers.", "author": "Vaadin Ltd", "license": "(Apache-2.0 OR SEE LICENSE IN https://vaadin.com/license/cvdl-4.0)", "main": "vaadin.js", "dependencies": { "@vaadin/board": "24.5.0-alpha11", "@vaadin/charts": "24.5.0-alpha11", "@vaadin/cookie-consent": "24.5.0-alpha11", "@vaadin/crud": "24.5.0-alpha11", "@vaadin/grid-pro": "24.5.0-alpha11", "@vaadin/map": "24.5.0-alpha11", "@vaadin/rich-text-editor": "24.5.0-alpha11", "@vaadin/vaadin-core": "24.5.0-alpha14" }, "files": [ "vaadin.js" ], "keywords": [ "vaadin", "core", "elements", "web", "components", "webcomponents", "web-components" ] }