html: Fix example blocks - escape html

While example blocks do not render inline markup and are thus parsed raw in
some way, their contents are not literal html and thus still need to be html
escaped.
This commit is contained in:
Niklas Fasching 2020-03-31 16:28:01 +02:00
parent 115a8b9c1b
commit c68d931100
5 changed files with 9 additions and 3 deletions

@ -123,7 +123,7 @@ func (w *HTMLWriter) WriteBlock(b Block) {
content = w.HighlightCodeBlock(content, lang) content = w.HighlightCodeBlock(content, lang)
w.WriteString(fmt.Sprintf("<div class=\"src src-%s\">\n%s\n</div>\n", lang, content)) w.WriteString(fmt.Sprintf("<div class=\"src src-%s\">\n%s\n</div>\n", lang, content))
case name == "EXAMPLE": case name == "EXAMPLE":
w.WriteString(`<pre class="example">` + "\n" + content + "\n</pre>\n") w.WriteString(`<pre class="example">` + "\n" + html.EscapeString(content) + "\n</pre>\n")
case name == "EXPORT" && len(b.Parameters) >= 1 && strings.ToLower(b.Parameters[0]) == "html": case name == "EXPORT" && len(b.Parameters) >= 1 && strings.ToLower(b.Parameters[0]) == "html":
w.WriteString(content + "\n") w.WriteString(content + "\n")
case name == "QUOTE": case name == "QUOTE":
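Review bot: the `EXPORT` html case directly under the changed line still writes `content` unescaped (`w.WriteString(content + "\n")`); that is the intended behaviour for `#+BEGIN_EXPORT html`, but it leaves that branch as a deliberate raw-HTML sink, so a one-line comment on that case would make the contrast with the now-escaped `EXAMPLE` branch explicit. The hunk also does not show an import change, so please confirm the standard `html` package (which provides `EscapeString`) is already imported in this file. Note that `html.EscapeString` rewrites `"` to `&#34;` and `'` to `&#39;` in addition to `<`, `>` and `&`, which is why the golden output fixtures in this commit needed regenerating.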

@ -32,9 +32,11 @@ empty lines!
it also has multiple parameters it also has multiple parameters
src, example & export blocks treat their content as raw text src, example &amp; export blocks treat their content as raw text
/inline/ *markup* is ignored /inline/ *markup* is ignored
and whitespace is honored and not removed and whitespace is honored and not removed
content of example blocks is still html escaped - see &lt;script&gt;alert(&#34;escaped&#34;)&lt;/script&gt;
</pre> </pre>
<pre class="example"> <pre class="example">
examples like this examples like this
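Review bot: the expected output now also turns the bare `&` in `src, example & export blocks` into `&amp;`, which shows the previous writer emitted unescaped ampersands inside `<pre class="example">` and not only the new `<script>` case; that is worth stating in the commit message since it means earlier output was malformed HTML, not just unsafe. The added line exercises `<`, `>` and `"` (rendered as `&#34;`); adding a `'` to the fixture would cover the one remaining character `html.EscapeString` rewrites (`&#39;`).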

@ -25,6 +25,8 @@ it also has multiple parameters
src, example & export blocks treat their content as raw text src, example & export blocks treat their content as raw text
/inline/ *markup* is ignored /inline/ *markup* is ignored
and whitespace is honored and not removed and whitespace is honored and not removed
content of example blocks is still html escaped - see <script>alert("escaped")</script>
#+END_EXAMPLE #+END_EXAMPLE
: examples like this : examples like this
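Review bot: this org fixture gains exactly the same line as the next hunk, so two source files now carry an identical example block; if the second copy is not generated from the first, a short note on why both exist would help keep them in sync. The line itself is a good regression test: `<script>alert("escaped")</script>` between `#+BEGIN_EXAMPLE` and `#+END_EXAMPLE` must reach the output as text, never as an element.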

@ -25,6 +25,8 @@ it also has multiple parameters
src, example & export blocks treat their content as raw text src, example & export blocks treat their content as raw text
/inline/ *markup* is ignored /inline/ *markup* is ignored
and whitespace is honored and not removed and whitespace is honored and not removed
content of example blocks is still html escaped - see <script>alert("escaped")</script>
#+END_EXAMPLE #+END_EXAMPLE
: examples like this : examples like this
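Review bot: identical to the previous hunk, so the same question applies about whether this copy is generated or maintained by hand; if by hand, consider pointing one file at the other to avoid the two fixtures drifting apart.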

@ -200,7 +200,7 @@ example block
</p> </p>
<pre class="example"> <pre class="example">
language: go language: go
go: "1.x" go: &#34;1.x&#34;
script: script:
- make test - make test
- make generate-gh-pages - make generate-gh-pages
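Review bot: the only change here is `"1.x"` becoming `&#34;1.x&#34;`, which is `html.EscapeString` rewriting double quotes inside the example block; it renders identically in a browser, but a golden-file comparison is byte-exact, so this regenerated fixture is required for the test to pass and must stay checked in alongside the writer change.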