gv-RedCloth 4.2.9
- data/.gemtest +0 -0
- data/.rspec +1 -0
- data/CHANGELOG +261 -0
- data/COPYING +18 -0
- data/Gemfile +7 -0
- data/README.rdoc +198 -0
- data/Rakefile +18 -0
- data/bin/redcloth +28 -0
- data/doc/textile_reference.html +631 -0
- data/ext/redcloth_scan/extconf.rb +6 -0
- data/ext/redcloth_scan/redcloth.h +220 -0
- data/ext/redcloth_scan/redcloth_attributes.c +650 -0
- data/ext/redcloth_scan/redcloth_inline.c +7952 -0
- data/ext/redcloth_scan/redcloth_scan.c +24407 -0
- data/lib/case_sensitive_require/RedCloth.rb +6 -0
- data/lib/redcloth.rb +45 -0
- data/lib/redcloth/erb_extension.rb +27 -0
- data/lib/redcloth/formatters/base.rb +63 -0
- data/lib/redcloth/formatters/html.rb +345 -0
- data/lib/redcloth/formatters/latex.rb +322 -0
- data/lib/redcloth/formatters/latex_entities.yml +2414 -0
- data/lib/redcloth/textile_doc.rb +103 -0
- data/lib/redcloth/version.rb +34 -0
- data/lib/tasks/pureruby.rake +17 -0
- data/redcloth.gemspec +52 -0
- data/spec/benchmark_spec.rb +15 -0
- data/spec/custom_tags_spec.rb +50 -0
- data/spec/erb_spec.rb +10 -0
- data/spec/extension_spec.rb +26 -0
- data/spec/fixtures/basic.yml +1028 -0
- data/spec/fixtures/code.yml +257 -0
- data/spec/fixtures/definitions.yml +82 -0
- data/spec/fixtures/extra_whitespace.yml +64 -0
- data/spec/fixtures/filter_html.yml +177 -0
- data/spec/fixtures/filter_pba.yml +20 -0
- data/spec/fixtures/html.yml +348 -0
- data/spec/fixtures/images.yml +279 -0
- data/spec/fixtures/instiki.yml +38 -0
- data/spec/fixtures/links.yml +291 -0
- data/spec/fixtures/lists.yml +462 -0
- data/spec/fixtures/poignant.yml +89 -0
- data/spec/fixtures/sanitize_html.yml +42 -0
- data/spec/fixtures/table.yml +434 -0
- data/spec/fixtures/textism.yml +509 -0
- data/spec/fixtures/threshold.yml +762 -0
- data/spec/formatters/class_filtered_html_spec.rb +7 -0
- data/spec/formatters/filtered_html_spec.rb +7 -0
- data/spec/formatters/html_no_breaks_spec.rb +9 -0
- data/spec/formatters/html_spec.rb +13 -0
- data/spec/formatters/id_filtered_html_spec.rb +7 -0
- data/spec/formatters/latex_spec.rb +13 -0
- data/spec/formatters/lite_mode_html_spec.rb +7 -0
- data/spec/formatters/no_span_caps_html_spec.rb +7 -0
- data/spec/formatters/sanitized_html_spec.rb +7 -0
- data/spec/formatters/style_filtered_html_spec.rb +7 -0
- data/spec/parser_spec.rb +102 -0
- data/spec/spec_helper.rb +36 -0
- data/tasks/compile.rake +47 -0
- data/tasks/gems.rake +37 -0
- data/tasks/ragel_extension_task.rb +127 -0
- data/tasks/release.rake +15 -0
- data/tasks/rspec.rake +13 -0
- data/tasks/rvm.rake +79 -0
- metadata +227 -0
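--- a/data/spec/fixtures/code.yml
+++ b/data/spec/fixtures/code.yml
@@ -0,0 +1,257 @@
+---
+name: inline code
+in: 'This is an empty dictionary: @{}@'
+html: '<p>This is an empty dictionary: <code>{}</code></p>'
+latex: "This is an empty dictionary: \\verb@{}@\n\n"
+---
+name: inline snip
+in: "The ```command``` is here."
+html: "<p>The <pre><code>command</code></pre>\n is here.</p>"
+latex: "The \\verb`command` is here.\n\n"
+---
+name: inline code escapement
+in: 'Please type @cat "file.txt" > otherfile.txt@ at the prompt.'
+html: '<p>Please type <code>cat "file.txt" > otherfile.txt</code> at the prompt.</p>'
+latex: "Please type \\verb@cat \"file.txt\" > otherfile.txt@ at the prompt.\n\n"
+---
+name: inline code escapement with digits
+in: |-
+Regex-based string substitution with Ruby's gsub!: @"123<789".gsub!(/</, "") => "123789"@
+html: |-
+<p>Regex-based string substitution with Ruby’s gsub!: <code>"123<789".gsub!(/</, "") => "123789"</code></p>
+latex: |+
+Regex-based string substitution with Ruby's gsub!: \verb@"123<789".gsub!(/</, "") => "123789"@
+
+---
+name: inlne code escapement describing textile paragraph styling
+in: 'This paragraph is aligned left but if you add this: @p>.@ to the beginning it will be aligned right.'
+html: '<p>This paragraph is aligned left but if you add this: <code>p>.</code> to the beginning it will be aligned right.</p>'
+latex: "This paragraph is aligned left but if you add this: \\verb@p>.@ to the beginning it will be aligned right.\n\n"
+---
+name: escapes code snippet containing html tag
+in: 'At the top of each page, please put @<h2>Title</h2>@ in the HTML.'
+html: '<p>At the top of each page, please put <code><h2>Title</h2></code> in the <span class="caps">HTML</span>.</p>'
+latex: "At the top of each page, please put \\verb@<h2>Title</h2>@ in the HTML.\n\n"
+---
+name: escaping in blockcode
+in: 'bc. This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag if you wish and it will be properly escaped.'
+html: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag if you wish and it will be properly escaped.</code></pre>'
+---
+name: escaping in pre
+in: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag in pre tags too.</code></pre>'
+html: '<pre><code>This is within a block of code, so < and > should be entities. You can talk about a <p class="foo"> tag in pre tags too.</code></pre>'
+---
+name: escaping in normal text
+in: |-
+This is a regular paragraph. AT&T. £38 > $38.
+html: |-
+<p>This is a regular paragraph. AT&T. £38 > $38.</p>
+latex: "This is a regular paragraph. AT\\&T. \\pounds{}38 \\textgreater{} \\$38.\n\n"
+---
+name: preservation of existing entities
+in: "Math fact: 3 < 5 & 5 > 3 but £6 > $6. Oh, and 2 ÷ 4 is ½."
+html: "<p>Math fact: 3 < 5 & 5 > 3 but £6 > $6. Oh, and 2 ÷ 4 is ½.</p>"
+latex: "Math fact: 3 \\textless{} 5 \\& 5 \\textgreater{} 3 but \\pounds{}6 \\textgreater{} \\$6. Oh, and 2 \\textdiv{} 4 is \\sfrac{1}{2}.\n\n"
+---
+name: escaping of existing entities in blockcode
+in: "bc. Math fact: 3 < 5 & 5 > 3 but £5 > $5."
+html: "<pre><code>Math fact: 3 &lt; 5 &amp; 5 &gt; 3 but &pound;5 &#62; $5.</code></pre>"
+latex: "\\begin{verbatim}\nMath fact: 3 < 5 & 5 > 3 but £5 > $5.\\end{verbatim}\n"
+---
+name: no formatting within pre
+in: |-
+<pre>
+<code>
+# *test*
+__not italics__
+no hard breaks
+</code>
+</pre>
+html: |-
+<pre>
+<code>
+# *test*
+__not italics__
+no hard breaks
+</code>
+</pre>
+---
+name: no formatting within blockcode
+in: |-
+bc. __not italics__
+html: |-
+<pre><code>__not italics__</code></pre>
+---
+name: double-equals as inline notextile
+in: |-
+p. Regular paragraph
+
+==Escaped portion -- will not be formatted by Textile at all==
+
+p. Back to normal.
+html: |-
+<p>Regular paragraph</p>
+<p>Escaped portion -- will not be formatted by Textile at all</p>
+<p>Back to normal.</p>
+---
+name: notextile tags
+in: |-
+<notextile>
+# *test*
+</notextile>
+html: |-
+# *test*
+valid_html: false
+---
+name: unfinished notextile tag
+in: |-
+<notextile>
+# *test*
+html: |-
+<p><notextile></p>
+<ol>
+<li><strong>test</strong></li>
+</ol>
+valid_html: false
+---
+name: unfinished script tag
+in: |-
+<script>
+function main(){}
+html: |-
+<script><br />
+function main(){}
+valid_html: false
+---
+name: inline notextile tags
+in: 'This is how you make a link: <notextile>"link":http://www.redcloth.org</notextile>'
+html: '<p>This is how you make a link: "link":http://www.redcloth.org</p>'
+---
+name: code in list items
+in: |-
+* @foo@
+* @bar@
+* and @x@ is also.
+
+html: |-
+<ul>
+<li><code>foo</code></li>
+<li><code>bar</code></li>
+<li>and <code>x</code> is also.</li>
+</ul>
+latex: |+
+\begin{itemize}
+\item \verb@foo@
+\item \verb@bar@
+\item and \verb@x@ is also.
+\end{itemize}
+
+---
+name: extended block code
+in: |-
+If you have a line or two of code or HTML to embed, use extended block code like so:
+
+bc.. ./foo.pl%
+<p>foo outputs an HTML paragraph</p>
+
+<p>block of code keeps going until a different block signature is encountered</p>
+
+p. And then go back with a normal paragraph.
+html: |-
+<p>If you have a line or two of code or <span class="caps">HTML</span> to embed, use extended block code like so:</p>
+<pre><code>./foo.pl%
+<p>foo outputs an HTML paragraph</p></code>
+
+<code><p>block of code keeps going until a different block signature is encountered</p></code></pre>
+<p>And then go back with a normal paragraph.</p>
+---
+name: extended block code preserves leading whitespace after blank line
+in: |-
+bc.. class Foo
+def bar
+'bar'
+end
+
+def baz
+'baz'
+end
+end
+
+p. That's it!
+html: |-
+<pre><code>class Foo
+def bar
+'bar'
+end</code>
+
+<code> def baz
+'baz'
+end
+end</code></pre>
+<p>That’s it!</p>
+---
+name: block code containing code avoids nesting code tags
+in: |-
+bc. A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@
+html: |-
+<pre><code>A one-liner: @ruby -ne '($h||={}).fetch($_){puts $h[$_]=$_}'@</code></pre>
+---
+name: block code containing block start
+in: |-
+bc. I saw a ship. It ate my elephant.
+html: |-
+<pre><code>I saw a ship. It ate my elephant.</code></pre>
+---
+name: extended block code containing block start
+in: |-
+bc.. This is an extended bc.
+
+I saw a ship. It ate my elephant.
+html: |-
+<pre><code>This is an extended bc.</code>
+
+<code>I saw a ship. It ate my elephant.</code></pre>
+---
+name: block containing html tags
+in: bc. Can I talk about <h2>Headings</h2> here?
+html: '<pre><code>Can I talk about <h2>Headings</h2> here?</code></pre>'
+---
+name: escape latex standard symbols
+in: "standard symbols # $ % & _ { }"
+latex: "standard symbols \\# \\$ \\% \\& \\_ \\{ \\}\n\n"
+---
+name: escape latex text symbols
+in: "text symbols \\ ~ ^"
+latex: "text symbols \\textbackslash{} \\~{} \\^{}\n\n"
+---
+name: named html entities to latex
+in: "… ½"
+latex: "\\ldots{} \\sfrac{1}{2}\n\n"
+---
+name: numeric html entities to latex
+in: "… ½"
+latex: "\\ldots{} \\sfrac{1}{2}\n\n"
+---
+name: unclosed pre tag
+in: '<pre><code>This is a pre that will go unfinished'
+html: '<pre><code>This is a pre that will go unfinished'
+valid_html: false
+---
+name: unclosed code tag
+in: 'This is a some <code>code that will go unfinished'
+html: '<p>This is a some <code>code that will go unfinished</p>'
+valid_html: false
+---
+name: code containing parentheses
+in: 'p. @some_method(some_params, some => test);@ Oh dear this fails'
+html: '<p><code>some_method(some_params, some => test);</code> Oh dear this fails</p>'
+latex: "\\verb@some_method(some_params, some => test);@ Oh dear this fails\n\n"
+---
+name: code preserves initial square brackets
+description: usually square brackets are used for the language (English, French, Spanish...), but that doesn't make sense for code and apparently is needed for some computer languages.
+in: "@[project]_dff.skjd@"
+html: <p><code>[project]_dff.skjd</code></p>
+---
+name: following also bracketed code in same line
+in: "Some [@code@] and some [@more code@]."
+html: "<p>Some <code>code</code> and some <code>more code</code>.</p>"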
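Review bot: The `unfinished script tag` case (new-file lines 117–124) pins an expected value in which the opening `<script>` tag appears in the output, and nothing in the case says whether that pass-through is intended. This page decodes entities, so whether the expected string is literal or escaped has to be confirmed against the raw file. If it is literal, a line such as `desc: the default HTML formatter passes raw tags through; untrusted input needs filter_html or sanitize_html` would keep the case from being read as a safety guarantee. Separately, the case name at line 26 is misspelled and should read `name: inline code escapement describing textile paragraph styling`.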
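--- a/data/spec/fixtures/definitions.yml
+++ b/data/spec/fixtures/definitions.yml
@@ -0,0 +1,82 @@
+name: redcloth definition list
+in: |-
+here is a RedCloth definition list:
+
+- yes := no
+- no:=no
+- maybe:= yes
+html: |-
+<p>here is a RedCloth definition list:</p>
+<dl>
+<dt>yes</dt>
+<dd>no</dd>
+<dt>no</dt>
+<dd>no</dd>
+<dt>maybe</dt>
+<dd>yes</dd>
+</dl>
+---
+name: with line breaks
+in: |-
+- term := you can have line breaks
+just like other lists
+- line-spanning
+term := hey, slick!
+html: |-
+<dl>
+<dt>term</dt>
+<dd>you can have line breaks<br />
+just like other lists</dd>
+<dt>line-spanning<br />
+term</dt>
+<dd>hey, slick!</dd>
+</dl>
+---
+name: double terms
+in: |-
+You can have multiple terms before a definition:
+
+- textile
+- fabric
+- cloth := woven threads
+html: |-
+<p>You can have multiple terms before a definition:</p>
+<dl>
+<dt>textile</dt>
+<dt>fabric</dt>
+<dt>cloth</dt>
+<dd>woven threads</dd>
+</dl>
+---
+name: not a definition list
+desc: a definition list with no definitions is not a definition list
+in: |-
+- textile
+- fabric
+- cloth
+html: |-
+<p>- textile<br />
+- fabric<br />
+- cloth</p>
+---
+name: long definition list
+in: |-
+here is a long definition
+
+- some term :=
+*sweet*
+
+yes
+
+ok =:
+- regular term := no
+html: |-
+<p>here is a long definition</p>
+<dl>
+<dt>some term</dt>
+<dd><p><strong>sweet</strong></p>
+<p>yes</p>
+<p>ok</p></dd>
+<dt>regular term</dt>
+<dd>no</dd>
+</dl>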
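Review bot: The `long definition list` case (new-file lines 62–82) is the only place the `=:` terminator appears, and it carries no `desc:`, unlike `not a definition list` just above it. Judging from the expected output, a definition opened by a trailing `:=` seems to run across blank lines until a line ending in `=:`; a line such as `desc: a definition opened by a trailing ":=" continues until a line ending in "=:"` would record that. The first document also omits the leading `---` that the other fixture files shown in this commit start with.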
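--- a/data/spec/fixtures/extra_whitespace.yml
+++ b/data/spec/fixtures/extra_whitespace.yml
@@ -0,0 +1,64 @@
+---
+name: header with 1 blank line below
+in: |-
+h1. Header
+
+text
+html: |-
+<h1>Header</h1>
+<p>text</p>
+---
+name: header with 2 blank lines below
+in: |-
+h1. Header
+
+
+text
+html: |-
+<h1>Header</h1>
+<p>text</p>
+---
+name: header with 1 blank line above
+in: |-
+text
+
+h1. Header
+html: |-
+<p>text</p>
+<h1>Header</h1>
+---
+name: header with 2 blank lines above
+in: |-
+text
+
+
+h1. Header
+html: |-
+<p>text</p>
+<h1>Header</h1>
+---
+name: header with 1 blank line above and with no text
+in: |-
+
+h1. Header
+html: <h1>Header</h1>
+---
+name: header with 2 blank lines above and with no text
+in: |-
+
+
+h1. Header
+html: <h1>Header</h1>
+---
+name: header with 1 blank line below and with no text
+in: |+
+h1. Header
+
+html: <h1>Header</h1>
+---
+name: header with 2 blank lines below and with no text
+in: |+
+h1. Header
+
+
+html: <h1>Header</h1>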
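--- a/data/spec/fixtures/filter_html.yml
+++ b/data/spec/fixtures/filter_html.yml
@@ -0,0 +1,177 @@
+---
+name: standalone html escaped
+in: |-
+<hr>
+<abc def="a=1&b=2">
+<div>
+<hr/>
+<hr />
+</div>
+filtered_html: |-
+<hr>
+<abc def="a=1&b=2">
+<div>
+<hr/>
+<hr />
+</div>
+---
+in: Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script>
+filtered_html: <p>Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script></p>
+---
+name: escapes partial inline script tag
+desc: The end tag is malformed, but it must be escaped since a browser would recognize it
+in: Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script
+filtered_html: <p>Just a little harmless xss <script src=http://ha.ckers.org/xss.js></script</p>
+valid_html: false
+---
+name: escapes partial scanner-level script tag
+desc: The end tag is malformed, but it must be escaped since a browser would recognize it anyway.
+in: <script src=http://ha.ckers.org/xss.js></script
+filtered_html: '<script src=http://ha.ckers.org/xss.js></script'
+valid_html: false
+---
+name: escapes self-closing scanner-level tag
+in: <hr />
+filtered_html: '<hr />'
+valid_html: false
+---
+name: processes text beginning with space
+in: ' This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+filtered_html: 'This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+---
+name: processes script tags beginning with space
+in: ' <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+filtered_html: '<script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>'
+---
+name: processes text in notextile tags
+in: |-
+<notextile>
+This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>
+</notextile>
+filtered_html: |-
+This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script>
+---
+name: processes text in inline notextile tags
+in: |-
+This should be <b>escaped</b>: <notextile><script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script></notextile>
+filtered_html: |-
+<p>This should be <b>escaped</b>: <script type="text/javascript">alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");</script></p>
+---
+name: escapes script tags
+in: |-
+<script type="text/javascript">
+alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
+</script>
+filtered_html: |-
+<script type="text/javascript">
+alert("Hai. I`m in ya PC. Makin ya XSS viruzz! KThxBye");
+</script>
+---
+name: escapes HTML entities within script tags
+in: |-
+<script type="text/javascript">
+<!--
+document.write("Hello World!")
+//-->
+</script>
+filtered_html: |-
+<script type="text/javascript">
+<!--
+document.write("Hello World!")
+//-->
+</script>
+---
+name: escapes inline html tags
+in: |-
+p. Letting people inject their own HTML can be <em>dangerous</em>!.
+filtered_html: |-
+<p>Letting people inject their own <span class="caps">HTML</span> can be <em>dangerous</em>!.</p>
+---
+name: escapes html in comments
+in: |-
+p. You can't have people injecting HTML into <!-- <b>comments</b>! -->.
+filtered_html: |-
+<p>You can’t have people injecting <span class="caps">HTML</span> into <!-- <b>comments</b>! -->.</p>
+---
+name: escapes html in inline code tags
+in: |-
+p. I have some <code><em>awesome</em> code</code> here.
+filtered_html: |-
+<p>I have some <code><em>awesome</em> code</code> here.</p>
+---
+name: escapes html notextile block
+in: |-
+notextile. This is a <em>notextile</em> block.
+filtered_html: |-
+This is a <em>notextile</em> block.
+---
+name: escapes html in pre tags
+in: |-
+<pre>
+This should be <em>escaped</em>.
+</pre>
+filtered_html: |-
+<pre>
+This should be <em>escaped</em>.
+</pre>
+---
+name: escapes html
+in: |-
+<div>This should be escaped</div>
+filtered_html: |-
+<div>This should be escaped</div>
+---
+name: escapes html in html
+in: |-
+<div>This should be <b>bold</b></div>
+filtered_html: |-
+<div>This should be <b>bold</b></div>
+---
+in: Here's a bad image <img src="JaVaScRiPt:alert('XSS');">
+filtered_html: <p>Here’s a bad image <img src="JaVaScRiPt:alert('XSS');"></p>
+---
+in: Just some random > and < characters, but also a <br/> tag.
+filtered_html: <p>Just some random > and < characters, but also a <br/> tag.</p>
+---
+in: |-
+Quotes outside "pre" tags are escaped.
+
+<a href="test">Tags are completely escaped outside pre tags.</a>
+
+<pre>
+<code>
+# only < and > are escaped inside pre tags. "Quotes" remain.
+
+<div>
+a = 1
+</div>
+
+Bad code here.
+
+<script language="JavaScript">
+window.open( "abfiltered_html:blank" );
+</script>
+</code>
+</pre>
+
+filtered_html: |-
+<p>Quotes outside “pre” tags are escaped.</p>
+<p><a href="test">Tags are completely escaped outside pre tags.</a></p>
+<pre>
+<code>
+# only < and > are escaped inside pre tags. "Quotes" remain.
+
+<div>
+a = 1
+</div>
+
+Bad code here.
+
+<script language="JavaScript">
+window.open( "abfiltered_html:blank" );
+</script>
+</code>
+</pre>
+---
+in: /me <3 beer
+filtered_html: <p>/me <3 beer</p>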
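Review bot: The multi-line case near the end contains `window.open( "abfiltered_html:blank" );` at new-file lines 152 and 171, which looks like `about:blank` damaged by a search-and-replace of `out` with `filtered_html` when the fixture key was renamed. The string is inert test data and is the same on both sides, so the case still passes, but it should read `window.open( "about:blank" );`. Five cases (new-file lines 18, 130, 133, 136 and 176) also have no `name:`, so a regression in escaping the script or image tag would be reported without a label; a line such as `name: escapes inline script tag` before line 18 would fix that for the first of them. Expected values on this page render identically to their inputs because entities are decoded, so the escaping these cases assert has to be checked in the raw file.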