1
0
mirror of https://github.com/TeamNewPipe/isso synced 2025-10-05 16:12:47 +02:00

Add HTML escaping to code blocks (#631)

This commit is contained in:
fluffy
2020-10-10 13:21:05 -07:00
committed by GitHub
parent f4d2705d4f
commit 944e484684
2 changed files with 13 additions and 2 deletions

View File

@@ -98,3 +98,13 @@ class TestHTML(unittest.TestCase):
self.assertIn(renderer("http://example.org/ and sms:+1234567890"),
['<p><a href="http://example.org/" rel="nofollow noopener">http://example.org/</a> and sms:+1234567890</p>',
'<p><a rel="nofollow noopener" href="http://example.org/">http://example.org/</a> and sms:+1234567890</p>'])
def test_code_blocks(self):
convert = html.Markdown(extensions=('fenced-code',))
examples = [
("```\nThis is a code-fence. <hello>\n```", "<p><pre><code>This is a code-fence. &lt;hello&gt;\n</code></pre></p>"),
("```c++\nThis is a code-fence. <hello>\n```", "<p><pre><code class=\"c++\">This is a code-fence. &lt;hello&gt;\n</code></pre></p>"),
(" This is a four-character indent. <hello>", "<p><pre><code>This is a four-character indent. &lt;hello&gt;\n</code></pre></p>")]
for (input, expected) in examples:
self.assertEqual(convert(input), expected)

View File

@@ -1,6 +1,7 @@
# -*- encoding: utf-8 -*-
from __future__ import unicode_literals
import html
import bleach
import misaka
@@ -74,8 +75,8 @@ class Unofficial(misaka.HtmlRenderer):
"""
def blockcode(self, text, lang):
lang = ' class="{0}"'.format(lang) if lang else ''
return "<pre><code{1}>{0}</code></pre>\n".format(text, lang)
lang = ' class="{0}"'.format(html.escape(lang)) if lang else ''
return "<pre><code{1}>{0}</code></pre>\n".format(html.escape(text,False), lang)
class Markup(object):