RedCloth 4.0.0-x86-mswin32-60
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of RedCloth might be problematic. Click here for more details.
- data/CHANGELOG +17 -0
- data/COPYING +18 -0
- data/README +156 -0
- data/Rakefile +240 -0
- data/bin/redcloth +28 -0
- data/ext/redcloth_scan/extconf.rb +9 -0
- data/ext/redcloth_scan/redcloth.h +149 -0
- data/ext/redcloth_scan/redcloth_attributes.c +650 -0
- data/ext/redcloth_scan/redcloth_attributes.rl +78 -0
- data/ext/redcloth_scan/redcloth_common.rl +113 -0
- data/ext/redcloth_scan/redcloth_inline.c +5102 -0
- data/ext/redcloth_scan/redcloth_inline.rl +282 -0
- data/ext/redcloth_scan/redcloth_scan.c +9300 -0
- data/ext/redcloth_scan/redcloth_scan.rl +523 -0
- data/extras/mingw-rbconfig.rb +176 -0
- data/extras/ragel_profiler.rb +73 -0
- data/lib/redcloth.rb +24 -0
- data/lib/redcloth/formatters/base.rb +50 -0
- data/lib/redcloth/formatters/html.rb +342 -0
- data/lib/redcloth/formatters/latex.rb +227 -0
- data/lib/redcloth/formatters/latex_entities.yml +2414 -0
- data/lib/redcloth/textile_doc.rb +105 -0
- data/lib/redcloth/version.rb +18 -0
- data/lib/redcloth_scan.bundle +0 -0
- data/lib/redcloth_scan.so +0 -0
- data/test/basic.yml +794 -0
- data/test/code.yml +195 -0
- data/test/definitions.yml +71 -0
- data/test/extra_whitespace.yml +64 -0
- data/test/filter_html.yml +177 -0
- data/test/filter_pba.yml +12 -0
- data/test/helper.rb +108 -0
- data/test/html.yml +271 -0
- data/test/images.yml +202 -0
- data/test/instiki.yml +38 -0
- data/test/links.yml +214 -0
- data/test/lists.yml +283 -0
- data/test/poignant.yml +89 -0
- data/test/sanitize_html.yml +42 -0
- data/test/table.yml +267 -0
- data/test/test_custom_tags.rb +46 -0
- data/test/test_extensions.rb +31 -0
- data/test/test_formatters.rb +15 -0
- data/test/test_parser.rb +68 -0
- data/test/test_restrictions.rb +41 -0
- data/test/textism.yml +480 -0
- data/test/threshold.yml +772 -0
- data/test/validate_fixtures.rb +73 -0
- metadata +104 -0
data/test/code.yml
ADDED
@@ -0,0 +1,195 @@
|
|
1
|
+
---
|
2
|
+
name: inline code
|
3
|
+
in: 'This is an empty dictionary: @{}@'
|
4
|
+
html: '<p>This is an empty dictionary: <code>{}</code></p>'
|
5
|
+
---
|
6
|
+
name: inline code escapement
|
7
|
+
in: 'Please type @cat "file.txt" > otherfile.txt@ at the prompt.'
|
8
|
+
html: '<p>Please type <code>cat "file.txt" > otherfile.txt</code> at the prompt.</p>'
|
9
|
+
---
|
10
|
+
name: inline code escapement with digits
|
11
|
+
in: |-
|
12
|
+
Regex-based string substitution with Ruby's gsub!: @"123<789".gsub!(/</, "") => "123789"@
|
13
|
+
html: |-
|
14
|
+
<p>Regex-based string substitution with Ruby’s gsub!: <code>"123<789".gsub!(/</, "") => "123789"</code></p>
|
15
|
+
---
|
16
|
+
name: inlne code escapement describing textile paragraph styling
|
17
|
+
in: 'This paragraph is aligned left but if you add this: @p>.@ to the beginning it will be aligned right.'
|
18
|
+
html: '<p>This paragraph is aligned left but if you add this: <code>p>.</code> to the beginning it will be aligned right.</p>'
|
19
|
+
---
|
20
|
+
name: escaping in blockcode
|
21
|
+
in: 'bc. This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag if you wish and it will be properly escaped.'
|
22
|
+
html: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag if you wish and it will be properly escaped.</code></pre>'
|
23
|
+
---
|
24
|
+
name: escaping in pre
|
25
|
+
in: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag in pre tags too.</code></pre>'
|
26
|
+
html: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag in pre tags too.</code></pre>'
|
27
|
+
---
|
28
|
+
name: escaping in normal text
|
29
|
+
in: |-
|
30
|
+
This is a regular paragraph. AT&T. £38 > $38.
|
31
|
+
html: |-
|
32
|
+
<p>This is a regular paragraph. AT&T. £38 > $38.</p>
|
33
|
+
latex: "This is a regular paragraph. AT\\&T. \\pounds{}38 \\textgreater{} \\$38.\n\n"
|
34
|
+
---
|
35
|
+
name: preservation of existing entities
|
36
|
+
in: "Math fact: 3 < 5 & 5 > 3 but £6 > $6. Oh, and 2 ÷ 4 is ½."
|
37
|
+
html: "<p>Math fact: 3 < 5 & 5 > 3 but £6 > $6. Oh, and 2 ÷ 4 is ½.</p>"
|
38
|
+
latex: "Math fact: 3 \\textless{} 5 \\& 5 \\textgreater{} 3 but \\pounds{}6 \\textgreater{} \\$6. Oh, and 2 \\textdiv{} 4 is \\sfrac{1}{2}.\n\n"
|
39
|
+
---
|
40
|
+
name: escaping of existing entities in blockcode
|
41
|
+
in: "bc. Math fact: 3 < 5 & 5 > 3 but £5 > $5.
|
42
|
+
"
|
43
|
+
html: "<pre><code>Math fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;5 &#62; $5.</code></pre>"
|
44
|
+
latex: "\\begin{verbatim}\nMath fact: 3 < 5 & 5 > 3 but £5 > $5.\\end{verbatim}\n"
|
45
|
+
---
|
46
|
+
name: no formatting within pre
|
47
|
+
in: |-
|
48
|
+
<pre>
|
49
|
+
<code>
|
50
|
+
# *test*
|
51
|
+
__not italics__
|
52
|
+
no hard breaks
|
53
|
+
</code>
|
54
|
+
</pre>
|
55
|
+
html: |-
|
56
|
+
<pre>
|
57
|
+
<code>
|
58
|
+
# *test*
|
59
|
+
__not italics__
|
60
|
+
no hard breaks
|
61
|
+
</code>
|
62
|
+
</pre>
|
63
|
+
---
|
64
|
+
name: no formatting within blockcode
|
65
|
+
in: |-
|
66
|
+
bc. __not italics__
|
67
|
+
html: |-
|
68
|
+
<pre><code>__not italics__</code></pre>
|
69
|
+
---
|
70
|
+
name: double-equals as inline notextile
|
71
|
+
in: |-
|
72
|
+
p. Regular paragraph
|
73
|
+
|
74
|
+
==Escaped portion -- will not be formatted by Textile at all==
|
75
|
+
|
76
|
+
p. Back to normal.
|
77
|
+
html: |-
|
78
|
+
<p>Regular paragraph</p>
|
79
|
+
<p>Escaped portion -- will not be formatted by Textile at all</p>
|
80
|
+
<p>Back to normal.</p>
|
81
|
+
---
|
82
|
+
name: notextile tags
|
83
|
+
in: |-
|
84
|
+
<notextile>
|
85
|
+
# *test*
|
86
|
+
</notextile>
|
87
|
+
html: |-
|
88
|
+
# *test*
|
89
|
+
valid_html: false
|
90
|
+
---
|
91
|
+
name: unfinished notextile tag
|
92
|
+
in: |-
|
93
|
+
<notextile>
|
94
|
+
# *test*
|
95
|
+
html: |-
|
96
|
+
# *test*
|
97
|
+
valid_html: false
|
98
|
+
---
|
99
|
+
name: unfinished script tag
|
100
|
+
in: |-
|
101
|
+
<script>
|
102
|
+
function main(){}
|
103
|
+
html: |-
|
104
|
+
<script><br />
|
105
|
+
function main(){}
|
106
|
+
valid_html: false
|
107
|
+
---
|
108
|
+
name: inline notextile tags
|
109
|
+
in: 'This is how you make a link: <notextile>"link":http://www.redcloth.org</notextile>'
|
110
|
+
html: '<p>This is how you make a link: "link":http://www.redcloth.org</p>'
|
111
|
+
---
|
112
|
+
name: code in list items
|
113
|
+
in: |-
|
114
|
+
* @foo@
|
115
|
+
* @bar@
|
116
|
+
* and @x@ is also.
|
117
|
+
|
118
|
+
html: |-
|
119
|
+
<ul>
|
120
|
+
<li><code>foo</code></li>
|
121
|
+
<li><code>bar</code></li>
|
122
|
+
<li>and <code>x</code> is also.</li>
|
123
|
+
</ul>
|
124
|
+
---
|
125
|
+
name: extended block code
|
126
|
+
in: |-
|
127
|
+
If you have a line or two of code or HTML to embed, use extended block code like so:
|
128
|
+
|
129
|
+
bc.. ./foo.pl%
|
130
|
+
<p>foo outputs an HTML paragraph</p>
|
131
|
+
|
132
|
+
<p>block of code keeps going until a different block signature is encountered</p>
|
133
|
+
|
134
|
+
p. And then go back with a normal paragraph.
|
135
|
+
html: |-
|
136
|
+
<p>If you have a line or two of code or <span class="caps">HTML</span> to embed, use extended block code like so:</p>
|
137
|
+
<pre><code>./foo.pl%
|
138
|
+
<p>foo outputs an HTML paragraph</p></code>
|
139
|
+
|
140
|
+
<code><p>block of code keeps going until a different block signature is encountered</p></code>
|
141
|
+
|
142
|
+
</pre>
|
143
|
+
<p>And then go back with a normal paragraph.</p>
|
144
|
+
---
|
145
|
+
name: block code containing code avoids nesting code tags
|
146
|
+
in: |-
|
147
|
+
bc. A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@
|
148
|
+
html: |-
|
149
|
+
<pre><code>A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@</code></pre>
|
150
|
+
---
|
151
|
+
name: block code containing block start
|
152
|
+
in: |-
|
153
|
+
bc. I saw a ship. It ate my elephant.
|
154
|
+
html: |-
|
155
|
+
<pre><code>I saw a ship. It ate my elephant.</code></pre>
|
156
|
+
---
|
157
|
+
name: extended block code containing block start
|
158
|
+
in: |-
|
159
|
+
bc.. This is an extended bc.
|
160
|
+
|
161
|
+
I saw a ship. It ate my elephant.
|
162
|
+
html: |-
|
163
|
+
<pre><code>This is an extended bc.</code>
|
164
|
+
|
165
|
+
<code>I saw a ship. It ate my elephant.</code></pre>
|
166
|
+
---
|
167
|
+
name: escape latex standard symbols
|
168
|
+
in: "standard symbols # $ % & _ { }"
|
169
|
+
latex: "standard symbols \\# \\$ \\% \\& \\_ \\{ \\}\n\n"
|
170
|
+
---
|
171
|
+
name: escape latex text symbols
|
172
|
+
in: "text symbols \\ ~ ^"
|
173
|
+
latex: "text symbols \\textbackslash{} \\~{} \\^{}\n\n"
|
174
|
+
---
|
175
|
+
name: named html entities to latex
|
176
|
+
in: "… ½"
|
177
|
+
latex: "\ldots{} \sfrac{1}{2}\n\n"
|
178
|
+
---
|
179
|
+
name: numeric html entities to latex
|
180
|
+
in: "… ½"
|
181
|
+
latex: "\ldots{} \sfrac{1}{2}\n\n"
|
182
|
+
---
|
183
|
+
name: unclosed pre tag
|
184
|
+
in: '<pre><code>This is a pre that will go unfinished'
|
185
|
+
html: '<pre><code>This is a pre that will go unfinished'
|
186
|
+
valid_html: false
|
187
|
+
---
|
188
|
+
name: unclosed code tag
|
189
|
+
in: 'This is a some <code>code that will go unfinished'
|
190
|
+
html: '<p>This is a some <code>code that will go unfinished</p>'
|
191
|
+
valid_html: false
|
192
|
+
---
|
193
|
+
name: code containing parentheses
|
194
|
+
in: 'p. @some_method(some_params, some => test);@ Oh dear this fails'
|
195
|
+
html: '<p><code>some_method(some_params, some => test);</code> Oh dear this fails</p>'
|
@@ -0,0 +1,71 @@
|
|
1
|
+
name: redcloth definition list
|
2
|
+
in: |-
|
3
|
+
here is a RedCloth definition list:
|
4
|
+
|
5
|
+
- yes := no
|
6
|
+
- no:=no
|
7
|
+
- maybe:= yes
|
8
|
+
html: |-
|
9
|
+
<p>here is a RedCloth definition list:</p>
|
10
|
+
<dl>
|
11
|
+
<dt>yes</dt>
|
12
|
+
<dd>no</dd>
|
13
|
+
<dt>no</dt>
|
14
|
+
<dd>no</dd>
|
15
|
+
<dt>maybe</dt>
|
16
|
+
<dd>yes</dd>
|
17
|
+
</dl>
|
18
|
+
---
|
19
|
+
name: with line breaks
|
20
|
+
in: |-
|
21
|
+
- term := you can have line breaks
|
22
|
+
just like other lists
|
23
|
+
- line-spanning
|
24
|
+
term := hey, slick!
|
25
|
+
html: |-
|
26
|
+
<dl>
|
27
|
+
<dt>term</dt>
|
28
|
+
<dd>you can have line breaks<br />
|
29
|
+
just like other lists</dd>
|
30
|
+
<dt>line-spanning<br />
|
31
|
+
term</dt>
|
32
|
+
<dd>hey, slick!</dd>
|
33
|
+
</dl>
|
34
|
+
---
|
35
|
+
name: double terms
|
36
|
+
in: |-
|
37
|
+
You can have multiple terms before a definition:
|
38
|
+
|
39
|
+
- textile
|
40
|
+
- fabric
|
41
|
+
- cloth := woven threads
|
42
|
+
html: |-
|
43
|
+
<p>You can have multiple terms before a definition:</p>
|
44
|
+
<dl>
|
45
|
+
<dt>textile</dt>
|
46
|
+
<dt>fabric</dt>
|
47
|
+
<dt>cloth</dt>
|
48
|
+
<dd>woven threads</dd>
|
49
|
+
</dl>
|
50
|
+
---
|
51
|
+
name: long definition list
|
52
|
+
in: |-
|
53
|
+
here is a long definition
|
54
|
+
|
55
|
+
- some term :=
|
56
|
+
*sweet*
|
57
|
+
|
58
|
+
yes
|
59
|
+
|
60
|
+
ok =:
|
61
|
+
- regular term := no
|
62
|
+
html: |-
|
63
|
+
<p>here is a long definition</p>
|
64
|
+
<dl>
|
65
|
+
<dt>some term</dt>
|
66
|
+
<dd><p><strong>sweet</strong></p>
|
67
|
+
<p>yes</p>
|
68
|
+
<p>ok</p></dd>
|
69
|
+
<dt>regular term</dt>
|
70
|
+
<dd>no</dd>
|
71
|
+
</dl>
|
@@ -0,0 +1,64 @@
|
|
1
|
+
---
|
2
|
+
name: header with 1 blank line below
|
3
|
+
in: |-
|
4
|
+
h1. Header
|
5
|
+
|
6
|
+
text
|
7
|
+
html: |-
|
8
|
+
<h1>Header</h1>
|
9
|
+
<p>text</p>
|
10
|
+
---
|
11
|
+
name: header with 2 blank lines below
|
12
|
+
in: |-
|
13
|
+
h1. Header
|
14
|
+
|
15
|
+
|
16
|
+
text
|
17
|
+
html: |-
|
18
|
+
<h1>Header</h1>
|
19
|
+
<p>text</p>
|
20
|
+
---
|
21
|
+
name: header with 1 blank line above
|
22
|
+
in: |-
|
23
|
+
text
|
24
|
+
|
25
|
+
h1. Header
|
26
|
+
html: |-
|
27
|
+
<p>text</p>
|
28
|
+
<h1>Header</h1>
|
29
|
+
---
|
30
|
+
name: header with 2 blank lines above
|
31
|
+
in: |-
|
32
|
+
text
|
33
|
+
|
34
|
+
|
35
|
+
h1. Header
|
36
|
+
html: |-
|
37
|
+
<p>text</p>
|
38
|
+
<h1>Header</h1>
|
39
|
+
---
|
40
|
+
name: header with 1 blank line above and with no text
|
41
|
+
in: |-
|
42
|
+
|
43
|
+
h1. Header
|
44
|
+
html: <h1>Header</h1>
|
45
|
+
---
|
46
|
+
name: header with 2 blank lines above and with no text
|
47
|
+
in: |-
|
48
|
+
|
49
|
+
|
50
|
+
h1. Header
|
51
|
+
html: <h1>Header</h1>
|
52
|
+
---
|
53
|
+
name: header with 1 blank line below and with no text
|
54
|
+
in: |+
|
55
|
+
h1. Header
|
56
|
+
|
57
|
+
html: <h1>Header</h1>
|
58
|
+
---
|
59
|
+
name: header with 2 blank lines below and with no text
|
60
|
+
in: |+
|
61
|
+
h1. Header
|
62
|
+
|
63
|
+
|
64
|
+
html: <h1>Header</h1>
|
@@ -0,0 +1,177 @@
|
|
1
|
+
---
|
2
|
+
name: standalone html escaped
|
3
|
+
in: |-
|
4
|
+
<hr>
|
5
|
+
<abc def="a=1&b=2">
|
6
|
+
<div>
|
7
|
+
<hr/>
|
8
|
+
<hr />
|
9
|
+
</div>
|
10
|
+
filtered_html: |-
|
11
|
+
<hr>
|
12
|
+
<abc def="a=1&b=2">
|
13
|
+
<div>
|
14
|
+
<hr/>
|
15
|
+
<hr />
|
16
|
+
</div>
|
17
|
+
---
|
18
|
+
in: Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script>
|
19
|
+
filtered_html: <p>Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script></p>
|
20
|
+
---
|
21
|
+
name: escapes partial inline script tag
|
22
|
+
desc: The end tag is malformed, but it must be escaped since a browser would recognize it
|
23
|
+
in: Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script
|
24
|
+
filtered_html: <p>Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script</p>
|
25
|
+
valid_html: false
|
26
|
+
---
|
27
|
+
name: escapes partial scanner-level script tag
|
28
|
+
desc: The end tag is malformed, but it must be escaped since a browser would recognize it anyway.
|
29
|
+
in: <script src=http://ha.ckers.org/xss.js></script
|
30
|
+
filtered_html: '<script src=http://ha.ckers.org/xss.js></script'
|
31
|
+
valid_html: false
|
32
|
+
---
|
33
|
+
name: escapes self-closing scanner-level tag
|
34
|
+
in: <hr />
|
35
|
+
filtered_html: '<hr />'
|
36
|
+
valid_html: false
|
37
|
+
---
|
38
|
+
name: processes text beginning with space
|
39
|
+
in: ' This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
|
40
|
+
filtered_html: 'This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
|
41
|
+
---
|
42
|
+
name: processes script tags beginning with space
|
43
|
+
in: ' <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
|
44
|
+
filtered_html: '<script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
|
45
|
+
---
|
46
|
+
name: processes text in notextile tags
|
47
|
+
in: |-
|
48
|
+
<notextile>
|
49
|
+
This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>
|
50
|
+
</notextile>
|
51
|
+
filtered_html: |-
|
52
|
+
This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>
|
53
|
+
---
|
54
|
+
name: processes text in inline notextile tags
|
55
|
+
in: |-
|
56
|
+
This should be <b>escaped</b>: <notextile><script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script></notextile>
|
57
|
+
filtered_html: |-
|
58
|
+
<p>This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script></p>
|
59
|
+
---
|
60
|
+
name: escapes script tags
|
61
|
+
in: |-
|
62
|
+
<script type="text/javascript">
|
63
|
+
alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
|
64
|
+
</script>
|
65
|
+
filtered_html: |-
|
66
|
+
<script type="text/javascript">
|
67
|
+
alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
|
68
|
+
</script>
|
69
|
+
---
|
70
|
+
name: escapes HTML entities within script tags
|
71
|
+
in: |-
|
72
|
+
<script type="text/javascript">
|
73
|
+
<!--
|
74
|
+
document.write("Hello World!")
|
75
|
+
//-->
|
76
|
+
</script>
|
77
|
+
filtered_html: |-
|
78
|
+
<script type="text/javascript">
|
79
|
+
<!--
|
80
|
+
document.write("Hello World!")
|
81
|
+
//-->
|
82
|
+
</script>
|
83
|
+
---
|
84
|
+
name: escapes inline html tags
|
85
|
+
in: |-
|
86
|
+
p. Letting people inject their own HTML can be <em>dangerous</em>!.
|
87
|
+
filtered_html: |-
|
88
|
+
<p>Letting people inject their own <span class="caps">HTML</span> can be <em>dangerous</em>!.</p>
|
89
|
+
---
|
90
|
+
name: escapes html in comments
|
91
|
+
in: |-
|
92
|
+
p. You can't have people injecting HTML into <!-- <b>comments</b>! -->.
|
93
|
+
filtered_html: |-
|
94
|
+
<p>You can’t have people injecting <span class="caps">HTML</span> into <!-- <b>comments</b>! -->.</p>
|
95
|
+
---
|
96
|
+
name: escapes html in inline code tags
|
97
|
+
in: |-
|
98
|
+
p. I have some <code><em>awesome</em> code</code> here.
|
99
|
+
filtered_html: |-
|
100
|
+
<p>I have some <code><em>awesome</em> code</code> here.</p>
|
101
|
+
---
|
102
|
+
name: escapes html notextile block
|
103
|
+
in: |-
|
104
|
+
notextile. This is a <em>notextile</em> block.
|
105
|
+
filtered_html: |-
|
106
|
+
This is a <em>notextile</em> block.
|
107
|
+
---
|
108
|
+
name: escapes html in pre tags
|
109
|
+
in: |-
|
110
|
+
<pre>
|
111
|
+
This should be <em>escaped</em>.
|
112
|
+
</pre>
|
113
|
+
filtered_html: |-
|
114
|
+
<pre>
|
115
|
+
This should be <em>escaped</em>.
|
116
|
+
</pre>
|
117
|
+
---
|
118
|
+
name: escapes html
|
119
|
+
in: |-
|
120
|
+
<div>This should be escaped</div>
|
121
|
+
filtered_html: |-
|
122
|
+
<div>This should be escaped</div>
|
123
|
+
---
|
124
|
+
name: escapes html in html
|
125
|
+
in: |-
|
126
|
+
<div>This should be <b>bold</b></div>
|
127
|
+
filtered_html: |-
|
128
|
+
<div>This should be <b>bold</b></div>
|
129
|
+
---
|
130
|
+
in: Here's a bad image <img src="JaVaScRiPt:alert('XSS');">
|
131
|
+
filtered_html: <p>Here’s a bad image <img src="JaVaScRiPt:alert('XSS');"></p>
|
132
|
+
---
|
133
|
+
in: Just some random > and < characters, but also a <br/> tag.
|
134
|
+
filtered_html: <p>Just some random > and < characters, but also a <br/> tag.</p>
|
135
|
+
---
|
136
|
+
in: |-
|
137
|
+
Quotes outside "pre" tags are escaped.
|
138
|
+
|
139
|
+
<a href="test">Tags are completely escaped outside pre tags.</a>
|
140
|
+
|
141
|
+
<pre>
|
142
|
+
<code>
|
143
|
+
# only < and > are escaped inside pre tags. "Quotes" remain.
|
144
|
+
|
145
|
+
<div>
|
146
|
+
a = 1
|
147
|
+
</div>
|
148
|
+
|
149
|
+
Bad code here.
|
150
|
+
|
151
|
+
<script language="JavaScript">
|
152
|
+
window.open( "abfiltered_html:blank" );
|
153
|
+
</script>
|
154
|
+
</code>
|
155
|
+
</pre>
|
156
|
+
|
157
|
+
filtered_html: |-
|
158
|
+
<p>Quotes outside “pre” tags are escaped.</p>
|
159
|
+
<p><a href="test">Tags are completely escaped outside pre tags.</a></p>
|
160
|
+
<pre>
|
161
|
+
<code>
|
162
|
+
# only < and > are escaped inside pre tags. "Quotes" remain.
|
163
|
+
|
164
|
+
<div>
|
165
|
+
a = 1
|
166
|
+
</div>
|
167
|
+
|
168
|
+
Bad code here.
|
169
|
+
|
170
|
+
<script language="JavaScript">
|
171
|
+
window.open( "abfiltered_html:blank" );
|
172
|
+
</script>
|
173
|
+
</code>
|
174
|
+
</pre>
|
175
|
+
---
|
176
|
+
in: /me <3 beer
|
177
|
+
filtered_html: <p>/me <3 beer</p>
|