From 7a969dafacf06f9079a925f69b62dbad81c3aba4 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang
Date: Fri, 2 May 2008 15:16:17 +0000
Subject: [PATCH] Escape HTML comment tags (#1160).

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1403 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 lib/redcloth.rb | 2 +-
 test/unit/helpers/application_helper_test.rb | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/redcloth.rb b/lib/redcloth.rb
index 7e0c71839..7729ced46 100644
--- a/lib/redcloth.rb
+++ b/lib/redcloth.rb
@@ -1134,7 +1134,7 @@ class RedCloth < String
 ALLOWED_TAGS = %w(redpre pre code)
 def escape_html_tags(text)
- text.gsub!(%r{<(\/?(\w+)[^>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "<#{$1}#{'>' if $3}" }
+ text.gsub!(%r{<(\/?([!\w]+)[^<>\n]*)(>?)}) {|m| ALLOWED_TAGS.include?($2) ? "<#{$1}#{$3}" : "<#{$1}#{'>' unless $3.blank?}" }
 end
 end
diff --git a/test/unit/helpers/application_helper_test.rb b/test/unit/helpers/application_helper_test.rb
index 182cd3aec..e8b5883ce 100644
--- a/test/unit/helpers/application_helper_test.rb
+++ b/test/unit/helpers/application_helper_test.rb
@@ -141,6 +141,8 @@ class ApplicationHelperTest < HelperTestCase
 "
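Review bot: In `escape_html_tags` (lib/redcloth.rb) the allow-list arm of the ternary still re-emits `$1` verbatim, and `$1` covers everything matched by `[^<>\n]*`, so a `pre` or `code` tag keeps whatever attributes were typed while only the tag name `$2` is checked against `ALLOWED_TAGS`. If this text is user-supplied markup, as the helper test suggests, I would emit only the bare tag for allowed names, e.g. `"<#{'/' if $1[0, 1] == '/'}#{$2}#{$3}"` in place of `"<#{$1}#{$3}"`, or allow-list specific attributes if some are relied on, and add a test case with an attribute on `<pre>` beside the new comment case. Separately, `$3.blank?` makes this library file depend on ActiveSupport; `$3.empty?` gives the same result here, since `(>?)` always participates in the match. As rendered on this page both arms of the ternary start with a literal `<`, which is presumably entity decoding by the page rather than the repository content.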
\nline 1\nline2
" => "
\nline 1\nline2
", "
\nline 1\nline2
" => "
\nline 1\nline2
", "
content
" => "
<div>content</div>
", + "HTML comment: " => "

HTML comment: <!-- no comments -->

", + "