diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/redcloth3.rb | 14 | ||||
| -rw-r--r-- | lib/redmine/syntax_highlighting.rb | 16 | ||||
| -rw-r--r-- | lib/redmine/wiki_formatting/markdown/formatter.rb | 2 | ||||
| -rw-r--r-- | lib/redmine/wiki_formatting/textile/formatter.rb | 10 |
4 files changed, 36 insertions, 6 deletions
diff --git a/lib/redcloth3.rb b/lib/redcloth3.rb index 31051fa96..d0bd217d3 100644 --- a/lib/redcloth3.rb +++ b/lib/redcloth3.rb @@ -494,7 +494,15 @@ class RedCloth3 < String style << "text-align:#{ h_align( $& ) };" if text =~ A_HLGN cls, id = $1, $2 if cls =~ /^(.*?)#(.*)$/ - + + # add wiki-class- and wiki-id- to classes and ids to prevent setting of + # arbitrary classes and ids + cls = cls.split(/\s+/).map do |c| + c.starts_with?('wiki-class-') ? c : "wiki-class-#{c}" + end.join(' ') if cls + + id = id.starts_with?('wiki-id-') ? id : "wiki-id-#{id}" if id + atts = '' atts << " style=\"#{ style.join }\"" unless style.empty? atts << " class=\"#{ cls }\"" unless cls.to_s.empty? @@ -1097,7 +1105,7 @@ class RedCloth3 < String first.match(/<#{ OFFTAGS }([^>]*)>/) tag = $1 $2.to_s.match(/(class\=("[^"]+"|'[^']+'))/i) - tag << " #{$1}" if $1 + tag << " #{$1}" if $1 && tag == 'code' @pre_list << "<#{ tag }>#{ aftertag }" end elsif $1 and codepre > 0 @@ -1202,8 +1210,8 @@ class RedCloth3 < String end end - ALLOWED_TAGS = %w(redpre pre code notextile) + ALLOWED_TAGS = %w(redpre pre code kbd notextile) def escape_html_tags(text) text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "<#{$1}#{'>' unless $3.blank?}" } end diff --git a/lib/redmine/syntax_highlighting.rb b/lib/redmine/syntax_highlighting.rb index 7480ebd16..7f4334977 100644 --- a/lib/redmine/syntax_highlighting.rb +++ b/lib/redmine/syntax_highlighting.rb @@ -40,6 +40,16 @@ module Redmine rescue ERB::Util.h(text) end + + def language_supported?(language) + if highlighter.respond_to? :language_supported? + highlighter.language_supported? language + else + true + end + rescue + false + end end module CodeRay @@ -58,6 +68,12 @@ module Redmine def highlight_by_language(text, language) ::CodeRay.scan(text, language).html(:wrap => :span) end + + def language_supported?(language) + ::CodeRay::Scanners.list.include?(language.to_s.downcase.to_sym) + rescue + false + end end end end diff --git a/lib/redmine/wiki_formatting/markdown/formatter.rb b/lib/redmine/wiki_formatting/markdown/formatter.rb index 4afbc2fdd..bfb04774c 100644 --- a/lib/redmine/wiki_formatting/markdown/formatter.rb +++ b/lib/redmine/wiki_formatting/markdown/formatter.rb @@ -35,7 +35,7 @@ module Redmine end def block_code(code, language) - if language.present? + if language.present? && Redmine::SyntaxHighlighting.language_supported?(language) "<pre><code class=\"#{CGI.escapeHTML language} syntaxhl\">" + Redmine::SyntaxHighlighting.highlight_by_language(code, language) + "</code></pre>" diff --git a/lib/redmine/wiki_formatting/textile/formatter.rb b/lib/redmine/wiki_formatting/textile/formatter.rb index 91ea14960..a698cad45 100644 --- a/lib/redmine/wiki_formatting/textile/formatter.rb +++ b/lib/redmine/wiki_formatting/textile/formatter.rb @@ -121,8 +121,14 @@ module Redmine text.gsub!(/<redpre#(\d+)>/) do content = @pre_list[$1.to_i] if content.match(/<code\s+class="(\w+)">\s?(.+)/m) - content = "<code class=\"#{$1} syntaxhl\">" + - Redmine::SyntaxHighlighting.highlight_by_language($2, $1) + language = $1 + text = $2 + if Redmine::SyntaxHighlighting.language_supported?(language) + content = "<code class=\"#{language} syntaxhl\">" + + Redmine::SyntaxHighlighting.highlight_by_language(text, language) + else + content = "<code>#{ERB::Util.h(text)}" + end end content end |