Properly escape HTML in code blocks

This commit is contained in:
Thibaut Girka 2019-05-17 10:43:17 +02:00 committed by ThibG
parent a6b7c23f6f
commit dd5bf40b97

View File

@ -5,13 +5,23 @@ require_relative './sanitize_config'
class HTMLRenderer < Redcarpet::Render::HTML
def block_code(code, language)
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>"
"<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
end
def autolink(link, link_type)
return link if link_type == :email
Formatter.instance.link_url(link)
end
private
def html_entities
@html_entities ||= HTMLEntities.new
end
def encode(html)
html_entities.encode(html)
end
end
class Formatter