author | David Heinemeier Hansson <david@loudthinking.com> | 2007-09-29 20:19:33 +0000 |
---|---|---|
committer | David Heinemeier Hansson <david@loudthinking.com> | 2007-09-29 20:19:33 +0000 |
commit | 826f0bd42f7406571923a4889ad895dadae59d4f (patch) | |
tree | 14eb573ea63d6a27fef2c1ba305453bb9ca8ad85 | |
parent | 4953563e088bd23ef36ef4a76543deef5369fa9a (diff) | |
Fixed that strip_tags blows up with invalid html (closes #9730) [lifo]
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7677 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
-rw-r--r-- | actionpack/lib/action_view/helpers/text_helper.rb | 10 | ||||
-rw-r--r-- | actionpack/test/template/text_helper_test.rb | 3 |
2 files changed, 9 insertions, 4 deletions
diff --git a/actionpack/lib/action_view/helpers/text_helper.rb b/actionpack/lib/action_view/helpers/text_helper.rb
index bb7ddefcad..e3e17eaf42 100644
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -329,15 +329,15 @@ module ActionView
 # strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
 # # => Blog: Visit
 def strip_links(html)
- if !html.blank? && html.index("<a") || html.index("<href")
+ if !html.blank? && (html.index("<a") || html.index("<href")) && html.index(">")
 tokenizer = HTML::Tokenizer.new(html)
 result = returning [] do |result|
 while token = tokenizer.next
 node = HTML::Node.parse(nil, 0, 0, token, false)
 result << node.to_s unless node.is_a?(HTML::Tag) && ["a", "href"].include?(node.name)
 end
- end
- strip_links(result.join) # Recurse - handle all dirty nested links
+ end.join
+ result == html ? result : strip_links(result) # Recurse - handle all dirty nested links
 else
 html
 end
@@ -468,8 +468,10 @@ module ActionView
 # strip any comments, and if they have a newline at the end (ie. line with
 # only a comment) strip that too
+ result = text.join.gsub(/<!--(.*?)-->[\n]?/m, "")
+ # Recurse - handle all dirty nested tags
- strip_tags(text.join.gsub(/<!--(.*?)-->[\n]?/m, ""))
+ result == html ? result : strip_tags(result)
 end
 # Creates a Cycle object whose _to_s_ method cycles through elements of an
diff --git a/actionpack/test/template/text_helper_test.rb b/actionpack/test/template/text_helper_test.rb
index 979e436556..7520e49779 100644
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
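Review bot: The pre-check on the new `if` line of strip_links is still case-sensitive: `html.index("<a")` and `html.index("<href")` match lowercase only, so a string whose anchors are all written as `<A ...>` never reaches the tokenizer and is returned unchanged. The existing `<A href='almost'>` test passes only because the same input also contains a lowercase `<a`. I would make the guard case-insensitive, e.g. `if !html.blank? && html =~ /<(a|href)/i && html.index(">")`, and add a test with uppercase-only anchors. Separately, the added `&& html.index(">")` passes input with an unterminated `<a` through as-is (the new `"<a<a"` test pins this), so the return value still has to be HTML-escaped by the caller; a comment saying so above `def strip_links` would help.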
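Review bot: The fixed-point return `result == html ? result : strip_tags(result)` lets strip_tags hand back text that still contains `<`, which the new tests pin (`"<<<bad html"` and `"<<"`), so the result is not safe to emit into a page without escaping. That contract should be stated in the method's doc comment, which sits outside this hunk, for example `# Malformed markup may survive; escape the result before rendering it as HTML.`, and call sites that output the value unescaped are worth auditing. The comparison also relies on `html` being the method's parameter name, which is declared outside the hunk and should be confirmed.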
@@ -48,6 +48,7 @@ class TextHelperTest < Test::Unit::TestCase
 def test_strip_links
 assert_equal "Dont touch me", strip_links("Dont touch me")
+ assert_equal "<a<a", strip_links("<a<a")
 assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
 assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>")
 assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
@@ -537,6 +538,8 @@ class TextHelperTest < Test::Unit::TestCase
 end
 def test_strip_tags
+ assert_equal("<<<bad html", strip_tags("<<<bad html"))
+ assert_equal("<<", strip_tags("<<<bad html>"))
 assert_equal("Dont touch me", strip_tags("Dont touch me"))
 assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))
 assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos")) |