github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-01-30 06:28:03 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Escape contents when using the quote tool.

Browse Source
This commit is contained in:
Robin Ward 2013-08-29 14:15:05 -04:00
parent 45b9f8048a
commit 1204eb62c3
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
app/assets/javascripts/discourse/components/quote.js
View File

@ -23,6 +23,10 @@ Discourse.Quote = {
sansQuotes = contents.replace(this.REGEXP, '').trim();
if (sansQuotes.length === 0) return "";
// Escape the content of the quote
sansQuotes = sansQuotes.replace(/</g, "&lt;")
.replace(/>/g, "&gt;");
result = "[quote=\"" + post.get('username') + ", post:" + post.get('post_number') + ", topic:" + post.get('topic_id');
/* Strip the HTML from cooked */

4
test/javascripts/components/bbcode_test.js
View File

@ -62,7 +62,6 @@ test("quotes", function() {
formatQuote("lorem", "[quote=\"eviltrout, post:1, topic:2\"]\nlorem\n[/quote]\n\n", "correctly formats quotes");
formatQuote(" lorem \t ",
"[quote=\"eviltrout, post:1, topic:2\"]\nlorem\n[/quote]\n\n",
"trims white spaces before & after the quoted contents");
@ -75,6 +74,9 @@ test("quotes", function() {
"[quote=\"eviltrout, post:1, topic:2, full:true\"]\n**lorem** ipsum\n[/quote]\n\n",
"keeps BBCode formatting");
formatQuote("this is <not> a bug",
"[quote=\"eviltrout, post:1, topic:2\"]\nthis is &lt;not&gt; a bug\n[/quote]\n\n",
"it escapes the contents of the quote");
});
test("quote formatting", function() {