OrgWiki/go-org-orgwiki
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

html: Fix example blocks - escape html

Browse source 
While example blocks do not render inline markup and are thus parsed raw in
some way, their contents are not literal html and thus still need to be html
escaped.
This commit is contained in:
Niklas Fasching 2020-03-31 16:28:01 +02:00
parent 115a8b9c1b
commit c68d931100
5 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
org/html_writer.go
View file

@ -123,7 +123,7 @@ func (w *HTMLWriter) WriteBlock(b Block) {
content = w.HighlightCodeBlock(content, lang)
w.WriteString(fmt.Sprintf("<div class=\"src src-%s\">\n%s\n</div>\n", lang, content))
case name == "EXAMPLE":
w.WriteString(`<pre class="example">` + "\n" + content + "\n</pre>\n")
w.WriteString(`<pre class="example">` + "\n" + html.EscapeString(content) + "\n</pre>\n")
case name == "EXPORT" && len(b.Parameters) >= 1 && strings.ToLower(b.Parameters[0]) == "html":
w.WriteString(content + "\n")
case name == "QUOTE":

4
org/testdata/blocks.html vendored
View file

@ -32,9 +32,11 @@ empty lines!
it also has multiple parameters
src, example & export blocks treat their content as raw text
src, example &amp; export blocks treat their content as raw text
/inline/ *markup* is ignored
and whitespace is honored and not removed
content of example blocks is still html escaped - see &lt;script&gt;alert(&#34;escaped&#34;)&lt;/script&gt;
</pre>
<pre class="example">
examples like this

2
org/testdata/blocks.org vendored
View file

@ -25,6 +25,8 @@ it also has multiple parameters
src, example & export blocks treat their content as raw text
/inline/ *markup* is ignored
and whitespace is honored and not removed
content of example blocks is still html escaped - see <script>alert("escaped")</script>
#+END_EXAMPLE
: examples like this

2
org/testdata/blocks.pretty_org vendored
View file

@ -25,6 +25,8 @@ it also has multiple parameters
src, example & export blocks treat their content as raw text
/inline/ *markup* is ignored
and whitespace is honored and not removed
content of example blocks is still html escaped - see <script>alert("escaped")</script>
#+END_EXAMPLE
: examples like this

2
org/testdata/misc.html vendored
View file

@ -200,7 +200,7 @@ example block
</p>
<pre class="example">
language: go
go: "1.x"
go: &#34;1.x&#34;
script:
- make test
- make generate-gh-pages