RedCloth 3.0.4 → 4.0.0

data/test/code.yml

@@ -0,0 +1,195 @@
+---
+name: inline code
+in: 'This is an empty dictionary: @{}@'
+html: '<p>This is an empty dictionary: <code>{}</code></p>'
+---
+name: inline code escapement
+in: 'Please type @cat "file.txt" > otherfile.txt@ at the prompt.'
+html: '<p>Please type <code>cat "file.txt" &gt; otherfile.txt</code> at the prompt.</p>'
+---
+name: inline code escapement with digits
+in: |-
+  Regex-based string substitution with Ruby's gsub!: @"123<789".gsub!(/</, "") => "123789"@
+html: |-
+  <p>Regex-based string substitution with Ruby&#8217;s gsub!: <code>"123&lt;789".gsub!(/&lt;/, "") =&gt; "123789"</code></p>
+---
+name: inlne code escapement describing textile paragraph styling 
+in: 'This paragraph is aligned left but if you add this: @p>.@ to the beginning it will be aligned right.'
+html: '<p>This paragraph is aligned left but if you add this: <code>p&gt;.</code> to the beginning it will be aligned right.</p>'
+---
+name: escaping in blockcode
+in: 'bc. This is within a block of code, so < and > should be entities.  You can talk about a <p class="foo"> tag if you wish and it will be properly escaped.'
+html: '<pre><code>This is within a block of code, so &lt; and &gt; should be entities.  You can talk about a &lt;p class="foo"&gt; tag if you wish and it will be properly escaped.</code></pre>'
+---
+name: escaping in pre
+in: '<pre><code>This is within a block of code, so < and > should be entities.  You can talk about a <p class="foo"> tag in pre tags too.</code></pre>'
+html: '<pre><code>This is within a block of code, so &lt; and &gt; should be entities.  You can talk about a &lt;p class="foo"&gt; tag in pre tags too.</code></pre>'
+---
+name: escaping in normal text
+in: |-
+  This is a regular paragraph.  AT&T. &pound;38 > $38.
+html: |-
+  <p>This is a regular paragraph.  AT&amp;T. &pound;38 &gt; $38.</p>
+latex: "This is a regular paragraph.  AT\\&T. \\pounds{}38 \\textgreater{} \\$38.\n\n"
+---
+name: preservation of existing entities
+in: "Math fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;6 &#62; $6. Oh, and 2 &divide; 4 is &frac12;."
+html: "<p>Math fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;6 &#62; $6. Oh, and 2 &divide; 4 is &frac12;.</p>"
+latex: "Math fact: 3 \\textless{} 5 \\& 5 \\textgreater{} 3 but \\pounds{}6 \\textgreater{} \\$6. Oh, and 2 \\textdiv{} 4 is \\sfrac{1}{2}.\n\n"
+---
+name: escaping of existing entities in blockcode
+in: "bc. Math fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;5 &#62; $5.
+"
+html: "<pre><code>Math fact: 3 &amp;lt; 5 &amp;amp; 5 &amp;gt; 3 but &amp;pound;5 &amp;#62; $5.</code></pre>"
+latex: "\\begin{verbatim}\nMath fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;5 &#62; $5.\\end{verbatim}\n"
+---
+name: no formatting within pre
+in: |-
+  <pre>
+  <code>
+  # *test*
+  __not italics__
+  no hard breaks
+  </code>
+  </pre>
+html: |-
+  <pre>
+  <code>
+  # *test*
+  __not italics__
+  no hard breaks
+  </code>
+  </pre>
+---
+name: no formatting within blockcode
+in: |-
+  bc. __not italics__
+html: |-
+  <pre><code>__not italics__</code></pre>
+---
+name: double-equals as inline notextile
+in: |-
+  p. Regular paragraph
+
+  ==Escaped portion -- will not be formatted by Textile at all==
+
+  p. Back to normal.
+html: |-
+  <p>Regular paragraph</p>
+  <p>Escaped portion -- will not be formatted by Textile at all</p>
+  <p>Back to normal.</p>
+---
+name: notextile tags
+in: |-
+  <notextile>
+  # *test*
+  </notextile>
+html: |-
+  # *test*
+valid_html: false
+---
+name: unfinished notextile tag
+in: |-
+  <notextile>
+  # *test*
+html: |-
+  # *test*
+valid_html: false
+---
+name: unfinished script tag
+in: |-
+  <script>
+  function main(){}
+html: |-
+  <script><br />
+  function main(){}
+valid_html: false
+---
+name: inline notextile tags
+in: 'This is how you make a link: <notextile>"link":http://www.redcloth.org</notextile>'
+html: '<p>This is how you make a link: "link":http://www.redcloth.org</p>'
+---
+name: code in list items
+in: |-
+  * @foo@
+  * @bar@
+  * and @x@ is also.
+
+html: |-
+  <ul>
+  	<li><code>foo</code></li>
+  	<li><code>bar</code></li>
+  	<li>and <code>x</code> is also.</li>
+  </ul>
+---
+name: extended block code
+in: |-
+  If you have a line or two of code or HTML to embed, use extended block code like so:
+
+  bc.. ./foo.pl%
+  <p>foo outputs an HTML paragraph</p>
+  
+  <p>block of code keeps going until a different block signature is encountered</p>
+
+  p. And then go back with a normal paragraph.
+html: |-
+  <p>If you have a line or two of code or <span class="caps">HTML</span> to embed, use extended block code like so:</p>
+  <pre><code>./foo.pl%
+  &lt;p&gt;foo outputs an HTML paragraph&lt;/p&gt;</code>
+
+  <code>&lt;p&gt;block of code keeps going until a different block signature is encountered&lt;/p&gt;</code>
+
+  </pre>
+  <p>And then go back with a normal paragraph.</p>
+---
+name: block code containing code avoids nesting code tags
+in: |-
+  bc. A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@
+html: |-
+  <pre><code>A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@</code></pre>
+---
+name: block code containing block start
+in: |-
+  bc. I saw a ship. It ate my elephant.
+html: |-
+  <pre><code>I saw a ship. It ate my elephant.</code></pre>
+---
+name: extended block code containing block start
+in: |-
+  bc.. This is an extended bc.
+  
+  I saw a ship. It ate my elephant.
+html: |-
+  <pre><code>This is an extended bc.</code>
+  
+  <code>I saw a ship. It ate my elephant.</code></pre>
+---
+name: escape latex standard symbols 
+in: "standard symbols # $ % & _ { }" 
+latex: "standard symbols \\# \\$ \\% \\& \\_ \\{ \\}\n\n" 
+--- 
+name: escape latex text symbols 
+in: "text symbols \\ ~ ^" 
+latex: "text symbols \\textbackslash{} \\~{} \\^{}\n\n" 
+--- 
+name: named html entities to latex 
+in: "&hellip; &frac12;" 
+latex: "\ldots{} \sfrac{1}{2}\n\n" 
+--- 
+name: numeric html entities to latex 
+in: "&#8230; &#189;" 
+latex: "\ldots{} \sfrac{1}{2}\n\n"
+---
+name: unclosed pre tag
+in: '<pre><code>This is a pre that will go unfinished'
+html: '<pre><code>This is a pre that will go unfinished'
+valid_html: false
+---
+name: unclosed code tag
+in: 'This is a some <code>code that will go unfinished'
+html: '<p>This is a some <code>code that will go unfinished</p>'
+valid_html: false
+---
+name: code containing parentheses
+in: 'p. @some_method(some_params, some => test);@ Oh dear this fails'
+html: '<p><code>some_method(some_params, some =&gt; test);</code> Oh dear this fails</p>'

data/test/definitions.yml

@@ -0,0 +1,71 @@
+name: redcloth definition list
+in: |-
+  here is a RedCloth definition list:
+  
+  - yes := no
+  - no:=no
+  - maybe:= yes
+html: |-
+  <p>here is a RedCloth definition list:</p>
+  <dl>
+  	<dt>yes</dt>
+  	<dd>no</dd>
+  	<dt>no</dt>
+  	<dd>no</dd>
+  	<dt>maybe</dt>
+  	<dd>yes</dd>
+  </dl>
+---
+name: with line breaks
+in: |-
+  - term := you can have line breaks
+  just like other lists
+  - line-spanning
+  term := hey, slick!
+html: |-
+  <dl>
+  	<dt>term</dt>
+  	<dd>you can have line breaks<br />
+  just like other lists</dd>
+  	<dt>line-spanning<br />
+  term</dt>
+  	<dd>hey, slick!</dd>
+  </dl>
+---
+name: double terms
+in: |-
+  You can have multiple terms before a definition:
+
+  - textile
+  - fabric
+  - cloth := woven threads
+html: |-
+  <p>You can have multiple terms before a definition:</p>
+  <dl>
+  	<dt>textile</dt>
+  	<dt>fabric</dt>
+  	<dt>cloth</dt>
+  	<dd>woven threads</dd>
+  </dl>
+---
+name: long definition list
+in: |-
+  here is a long definition
+  
+  - some term := 
+  *sweet*
+  
+  yes
+  
+  ok =:
+  - regular term := no
+html: |-
+  <p>here is a long definition</p>
+  <dl>
+  	<dt>some term</dt>
+  	<dd><p><strong>sweet</strong></p>
+  <p>yes</p>
+  <p>ok</p></dd>
+  	<dt>regular term</dt>
+  	<dd>no</dd>
+  </dl>

data/test/extra_whitespace.yml

@@ -0,0 +1,64 @@
+---
+name: header with 1 blank line below
+in: |-
+  h1. Header
+
+  text
+html: |-
+  <h1>Header</h1>
+  <p>text</p>
+---
+name: header with 2 blank lines below
+in: |-
+  h1. Header
+  
+  
+  text
+html: |-
+  <h1>Header</h1>
+  <p>text</p>
+---
+name: header with 1 blank line above
+in: |-
+  text
+
+  h1. Header
+html: |-
+  <p>text</p>
+  <h1>Header</h1>
+---
+name: header with 2 blank lines above
+in: |-
+  text
+  
+  
+  h1. Header
+html: |-
+  <p>text</p>
+  <h1>Header</h1>
+---
+name: header with 1 blank line above and with no text
+in: |-
+
+  h1. Header
+html: <h1>Header</h1>
+---
+name: header with 2 blank lines above and with no text
+in: |-
+
+
+  h1. Header
+html: <h1>Header</h1>
+---
+name: header with 1 blank line below and with no text
+in: |+
+  h1. Header
+
+html: <h1>Header</h1>
+---
+name: header with 2 blank lines below and with no text
+in: |+
+  h1. Header
+
+
+html: <h1>Header</h1>

data/test/filter_html.yml

@@ -0,0 +1,177 @@
+---
+name: standalone html escaped
+in: |-
+  <hr>
+  <abc def="a=1&b=2">
+  <div>
+  <hr/>
+  <hr />
+  </div>
+filtered_html: |-
+  &lt;hr&gt;
+  &lt;abc def="a=1&amp;b=2"&gt;
+  &lt;div&gt;
+  &lt;hr/&gt;
+  &lt;hr /&gt;
+  &lt;/div&gt;
+---
+in:  Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script>
+filtered_html: <p>Just a little harmless xss &lt;script src=http://ha.ckers.org/xss.js&gt;&lt;/script&gt;</p>
+---
+name: escapes partial inline script tag
+desc: The end tag is malformed, but it must be escaped since a browser would recognize it
+in:  Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script
+filtered_html: <p>Just a little harmless xss &lt;script src=http://ha.ckers.org/xss.js&gt;&lt;/script</p>
+valid_html: false
+---
+name: escapes partial scanner-level script tag
+desc: The end tag is malformed, but it must be escaped since a browser would recognize it anyway.
+in: <script src=http://ha.ckers.org/xss.js></script
+filtered_html: '&lt;script src=http://ha.ckers.org/xss.js&gt;&lt;/script'
+valid_html: false
+---
+name: escapes self-closing scanner-level tag
+in: <hr />
+filtered_html: '&lt;hr /&gt;'
+valid_html: false
+---
+name: processes text beginning with space
+in: ' This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+filtered_html: 'This should be &lt;b&gt;escaped&lt;/b&gt;: &lt;script type="text/javascript"&gt;alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");&lt;/script&gt;'
+---
+name: processes script tags beginning with space
+in: ' <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+filtered_html: '&lt;script type="text/javascript"&gt;alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");&lt;/script&gt;'
+---
+name: processes text in notextile tags
+in: |-
+  <notextile>
+  This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>
+  </notextile>
+filtered_html: |-
+  This should be &lt;b&gt;escaped&lt;/b&gt;: &lt;script type="text/javascript"&gt;alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");&lt;/script&gt;
+---
+name: processes text in inline notextile tags
+in: |-
+  This should be <b>escaped</b>: <notextile><script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script></notextile>
+filtered_html: |-
+  <p>This should be &lt;b&gt;escaped&lt;/b&gt;: &lt;script type="text/javascript"&gt;alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");&lt;/script&gt;</p>
+---
+name: escapes script tags
+in: |-
+  <script type="text/javascript">
+    alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
+  </script>
+filtered_html: |-
+  &lt;script type="text/javascript"&gt;
+    alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
+  &lt;/script&gt;
+---
+name: escapes HTML entities within script tags
+in: |-
+  <script type="text/javascript">
+    <!--
+    document.write("Hello World!")
+    //-->
+  </script>
+filtered_html: |-
+  &lt;script type="text/javascript"&gt;
+    &lt;!--
+    document.write("Hello World!")
+    //--&gt;
+  &lt;/script&gt;
+---
+name: escapes inline html tags
+in: |-
+  p. Letting people inject their own HTML can be <em>dangerous</em>!.
+filtered_html: |-
+  <p>Letting people inject their own <span class="caps">HTML</span> can be &lt;em&gt;dangerous&lt;/em&gt;!.</p>
+---
+name: escapes html in comments
+in: |-
+  p. You can't have people injecting HTML into <!-- <b>comments</b>! -->.
+filtered_html: |-
+  <p>You can&#8217;t have people injecting <span class="caps">HTML</span> into &lt;!-- &lt;b&gt;comments&lt;/b&gt;! --&gt;.</p>
+---
+name: escapes html in inline code tags
+in: |-
+  p. I have some <code><em>awesome</em> code</code> here.
+filtered_html: |-
+  <p>I have some <code>&lt;em&gt;awesome&lt;/em&gt; code</code> here.</p>
+---
+name: escapes html notextile block
+in: |-
+  notextile. This is a <em>notextile</em> block.
+filtered_html: |-
+  This is a &lt;em&gt;notextile&lt;/em&gt; block.
+---
+name: escapes html in pre tags
+in: |-
+  <pre>
+  This should be <em>escaped</em>.
+  </pre>
+filtered_html: |-
+  <pre>
+  This should be &lt;em&gt;escaped&lt;/em&gt;.
+  </pre>
+---
+name: escapes html
+in: |-
+  <div>This should be escaped</div>
+filtered_html: |-
+  &lt;div&gt;This should be escaped&lt;/div&gt;
+---
+name: escapes html in html
+in: |-
+  <div>This should be <b>bold</b></div>
+filtered_html: |-
+  &lt;div&gt;This should be &lt;b&gt;bold&lt;/b&gt;&lt;/div&gt;
+---
+in: Here's a bad image <img src="JaVaScRiPt:alert('XSS');">
+filtered_html: <p>Here&#8217;s a bad image &lt;img src="JaVaScRiPt:alert('XSS');"&gt;</p>
+---
+in: Just some random > and < characters, but also a <br/> tag.
+filtered_html: <p>Just some random &gt; and &lt; characters, but also a &lt;br/&gt; tag.</p>
+---
+in: |-
+  Quotes outside "pre" tags are escaped.
+  
+  <a href="test">Tags are completely escaped outside pre tags.</a>
+
+  <pre>
+  <code>
+    # only < and > are escaped inside pre tags.  "Quotes" remain.
+
+    <div>
+      a = 1
+    </div>
+
+    Bad code here.
+
+    <script language="JavaScript">
+      window.open( "abfiltered_html:blank" );
+    </script>
+  </code>
+  </pre>
+
+filtered_html: |-
+  <p>Quotes outside &#8220;pre&#8221; tags are escaped.</p>
+  <p>&lt;a href="test"&gt;Tags are completely escaped outside pre tags.&lt;/a&gt;</p>
+  <pre>
+  <code>
+    # only &lt; and &gt; are escaped inside pre tags.  "Quotes" remain.
+
+    &lt;div&gt;
+      a = 1
+    &lt;/div&gt;
+
+    Bad code here.
+
+    &lt;script language="JavaScript"&gt;
+      window.open( "abfiltered_html:blank" );
+    &lt;/script&gt;
+  </code>
+  </pre>
+---
+in: /me <3 beer
+filtered_html: <p>/me &lt;3 beer</p>