FIX: properly unescape HTML entities in excerpts
parent
7e609e1834
commit
6027073547
@ -17,16 +17,15 @@ class ExcerptParser < Nokogiri::XML::SAX::Document
|
||||
|
||||
def self.get_excerpt(html, length, options)
|
||||
html ||= ''
|
||||
if (html.include? 'excerpt') && (SPAN_REGEX === html)
|
||||
length = html.length
|
||||
end
|
||||
length = html.length if html.include?('excerpt') && SPAN_REGEX === html
|
||||
me = self.new(length, options)
|
||||
parser = Nokogiri::HTML::SAX::Parser.new(me)
|
||||
catch(:done) do
|
||||
parser.parse(html)
|
||||
end
|
||||
me.excerpt.strip!
|
||||
me.excerpt
|
||||
excerpt = me.excerpt.strip
|
||||
excerpt = CGI.unescapeHTML(excerpt) if options[:text_entities] == true
|
||||
excerpt
|
||||
end
|
||||
|
||||
def escape_attribute(v)
|
||||
|
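Review bot: With `text_entities: true` the value returned by `get_excerpt` is now fully decoded by `CGI.unescapeHTML`, so it is plain text and no longer safe to place in HTML without re-escaping, yet nothing in the method states that contract. Any markup the parser itself emitted would then sit next to decoded user text, so a caller that treats the result as HTML-safe would reintroduce injection; I'd add a comment above the new line such as `# text_entities output is decoded plain text; escape it again before inserting into HTML` and confirm that every caller passing this option uses the result only in text contexts. `CGI.unescapeHTML` also decodes only the basic named entities (`&amp;`, `&lt;`, `&gt;`, `&quot;`, `&apos;`) and numeric references, so other named entities would pass through unchanged. The callers are outside this hunk, so the rendering-context concern is inferred rather than visible here.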
@ -84,7 +84,6 @@ describe PrettyText do
|
||||
describe "Excerpt" do
|
||||
|
||||
it "sanitizes attempts to inject invalid attributes" do
|
||||
|
||||
spinner = "<a href=\"http://thedailywtf.com/\" data-bbcode=\"' class='fa fa-spin\">WTF</a>"
|
||||
PrettyText.excerpt(spinner, 20).should match_html spinner
|
||||
|
||||
@ -216,6 +215,10 @@ describe PrettyText do
|
||||
post.excerpt.should == two_hundred
|
||||
end
|
||||
|
||||
it "unescapes html entities when we want text entities" do
|
||||
PrettyText.excerpt("'", 500, text_entities: true).should == "'"
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
describe "strip links" do
|
||||
|
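Review bot: The added example exercises only the opt-in path with a single apostrophe, so nothing pins the default behaviour, where entities have to stay escaped because the excerpt can end up in HTML. I'd add a companion example without the option, e.g. `PrettyText.excerpt("&lt;b&gt;", 500).should == "&lt;b&gt;"` (expected value to be confirmed against the parser), and one with `text_entities: true` on an escaped tag to document that the result is decoded text rather than markup. As rendered on this page the input and the expected value are both a bare `'`, which suggests the page decoded the entity in the literal; the original presumably used an entity form of the apostrophe.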