Properly escape HTML in code blocks

signup-info-prompt
Thibaut Girka 2019-05-17 10:43:17 +02:00 committed by ThibG
parent a6b7c23f6f
commit dd5bf40b97
1 changed files with 11 additions and 1 deletions


@ -5,13 +5,23 @@ require_relative './sanitize_config'
class HTMLRenderer < Redcarpet::Render::HTML class HTMLRenderer < Redcarpet::Render::HTML
def block_code(code, language) def block_code(code, language)
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>" "<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
end end
def autolink(link, link_type) def autolink(link, link_type)
return link if link_type == :email return link if link_type == :email
Formatter.instance.link_url(link) Formatter.instance.link_url(link)
end end
private
def html_entities
@html_entities ||= HTMLEntities.new
end
def encode(html)
html_entities.encode(html)
end
end end
class Formatter class Formatter
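Review bot: Nothing in this commit pins the new escaping in `block_code` with a test (the diffstat shows a single changed file), so a later refactor could drop the `encode(...)` call without anything failing. A spec that renders a fenced code block containing markup characters such as `<b>` and `&`, and asserts that the output carries `&lt;b&gt;` and `&amp;`, would lock the fix in. A one-line comment above the method would also help the next reader, for example `# This override receives the block text unescaped, so encode it before interpolating into markup.` Separately, the `return link if link_type == :email` branch of `autolink` still returns its argument unencoded. That is probably harmless given what an e-mail autolink can match, but it is worth confirming rather than assuming.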