github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 14:49:07 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: better whitelisting

Browse Source
This commit is contained in:
Sam 2014-07-10 09:59:54 +10:00
parent 9828a268b9
commit d54c28adc1
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/assets/javascripts/discourse/lib/markdown.js
View File

@ -258,6 +258,6 @@ Discourse.Markdown.whiteListTag('span', 'bbcode-i');
Discourse.Markdown.whiteListTag('span', 'bbcode-u');
Discourse.Markdown.whiteListTag('span', 'bbcode-s');
Discourse.Markdown.whiteListTag('span', 'class', /bbcode-size-\d+$/);
Discourse.Markdown.whiteListTag('span', 'class', /^bbcode-size-\d+$/);
Discourse.Markdown.whiteListIframe(/^(https?:)?\/\/www\.google\.com\/maps\/embed\?.+/i);

2
spec/components/pretty_text_spec.rb
View File

@ -244,6 +244,8 @@ describe PrettyText do
it "sanitizes spans" do
PrettyText.cook("<span class=\"-bbcode-size-0 fa fa-spin\">a</span>").should match_html "<p><span>a</span></p>"
PrettyText.cook("<span class=\"fa fa-spin -bbcode-size-0\">a</span>").should match_html "<p><span>a</span></p>"
PrettyText.cook("<span class=\"bbcode-size-10\">a</span>").should match_html "<p><span class=\"bbcode-size-10\">a</span></p>"
end
it "bolds stuff in parens" do