mirror of
https://github.com/lunaisnotaboy/mastodon.git
synced 2024-12-20 20:27:07 +00:00
Properly escape HTML in code blocks
This commit is contained in:
parent
a6b7c23f6f
commit
dd5bf40b97
|
@ -5,13 +5,23 @@ require_relative './sanitize_config'
|
|||
|
||||
class HTMLRenderer < Redcarpet::Render::HTML
|
||||
def block_code(code, language)
|
||||
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>"
|
||||
"<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
|
||||
end
|
||||
|
||||
def autolink(link, link_type)
|
||||
return link if link_type == :email
|
||||
Formatter.instance.link_url(link)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def html_entities
|
||||
@html_entities ||= HTMLEntities.new
|
||||
end
|
||||
|
||||
def encode(html)
|
||||
html_entities.encode(html)
|
||||
end
|
||||
end
|
||||
|
||||
class Formatter
|
||||
|
|
Loading…
Reference in a new issue