Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-06 13:25:44 +01:00
Code Issues Packages Projects Releases Activity

Merged r19333 from trunk to 3.3-stable (#25742)

Browse Source 
Filter all possibly class values on code tags in Textile.

Contributed by Holger Just from Planio.

git-svn-id: http://svn.redmine.org/redmine/branches/3.3-stable@19337 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Toshi MARUYAMA
2019-12-05 12:07:15 +00:00
parent 32f4002a5f
commit 4c435dba1a
2 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/redmine/wiki_formatting/textile/formatter.rb
View File

@@ -120,9 +120,10 @@ module Redmine
## replace <pre> content ## replace <pre> content
text.gsub!(/<redpre#(\d+)>/) do text.gsub!(/<redpre#(\d+)>/) do
content = @pre_list[$1.to_i] content = @pre_list[$1.to_i]
if content.match(/<code\s+class=["'](\w+)["']>\s?(.+)/m) # This regex must match any data produced by RedCloth3#rip_offtags
language = $1 if content.match(/<code\s+class=(?:"([^"]+)"|'([^']+)')>\s?(.*)/m)
text = $2 language = $1 || $2
text = $3
if Redmine::SyntaxHighlighting.language_supported?(language) if Redmine::SyntaxHighlighting.language_supported?(language)
content = "<code class=\"#{language} syntaxhl\">" + content = "<code class=\"#{language} syntaxhl\">" +
Redmine::SyntaxHighlighting.highlight_by_language(text, language) Redmine::SyntaxHighlighting.highlight_by_language(text, language)

8
test/unit/lib/redmine/wiki_formatting/textile_formatter_test.rb
View File

@@ -536,9 +536,17 @@ STR
def test_should_not_allow_arbitrary_class_attribute_on_offtags def test_should_not_allow_arbitrary_class_attribute_on_offtags
%w(code pre kbd).each do |tag| %w(code pre kbd).each do |tag|
assert_html_output({"<#{tag} class=\"foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false) assert_html_output({"<#{tag} class=\"foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
assert_html_output({"<#{tag} class='foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
assert_html_output({"<#{tag} class=\"ruby foo\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
assert_html_output({"<#{tag} class='ruby foo'>test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
assert_html_output({"<#{tag} class=\"ruby \"foo\" bar\">test</#{tag}>" => "<#{tag}>test</#{tag}>"}, false)
end end
assert_html_output({"<notextile class=\"foo\">test</notextile>" => "test"}, false) assert_html_output({"<notextile class=\"foo\">test</notextile>" => "test"}, false)
assert_html_output({"<notextile class='foo'>test</notextile>" => "test"}, false)
assert_html_output({"<notextile class=\"ruby foo\">test</notextile>" => "test"}, false)
assert_html_output({"<notextile class='ruby foo'>test</notextile>" => "test"}, false)
assert_html_output({"<notextile class=\"ruby \"foo\" bar\">test</notextile>" => "test"}, false)
end end
def test_should_allow_valid_language_class_attribute_on_code_tags def test_should_allow_valid_language_class_attribute_on_code_tags