Properly escape HTML in code blocks
parent
a6b7c23f6f
commit
dd5bf40b97
|
@ -5,13 +5,23 @@ require_relative './sanitize_config'
|
||||||
|
|
||||||
class HTMLRenderer < Redcarpet::Render::HTML
|
class HTMLRenderer < Redcarpet::Render::HTML
|
||||||
def block_code(code, language)
|
def block_code(code, language)
|
||||||
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>"
|
"<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
|
||||||
end
|
end
|
||||||
|
|
||||||
def autolink(link, link_type)
|
def autolink(link, link_type)
|
||||||
return link if link_type == :email
|
return link if link_type == :email
|
||||||
Formatter.instance.link_url(link)
|
Formatter.instance.link_url(link)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def html_entities
|
||||||
|
@html_entities ||= HTMLEntities.new
|
||||||
|
end
|
||||||
|
|
||||||
|
def encode(html)
|
||||||
|
html_entities.encode(html)
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
class Formatter
|
class Formatter
|
||||||
|
|
Loading…
Reference in New Issue