1
0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00

escaping of "<" breaks span-level html

This commit is contained in:
Emanuil Rusev
2013-11-05 21:40:33 +02:00
parent 7249d02cff
commit 0e9202689e
5 changed files with 17 additions and 15 deletions

View File

@@ -564,7 +564,9 @@ class Parsedown
{ {
foreach ($matches as $matches) foreach ($matches as $matches)
{ {
$url = $this->escape_special_characters($matches[4]); $url = $matches[4];
strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&amp;', $url);
if ($matches[1]) # image if ($matches[1]) # image
{ {
@@ -604,7 +606,8 @@ class Parsedown
if (isset($this->reference_map[$link_definition])) if (isset($this->reference_map[$link_definition]))
{ {
$url = $this->reference_map[$link_definition]; $url = $this->reference_map[$link_definition];
$url = $this->escape_special_characters($url);
strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&amp;', $url);
if ($matches[1]) # image if ($matches[1]) # image
{ {
@@ -636,7 +639,9 @@ class Parsedown
{ {
foreach ($matches as $matches) foreach ($matches as $matches)
{ {
$url = $this->escape_special_characters($matches[1]); $url = $matches[1];
strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&amp;', $url);
$element = '<a href=":href">:text</a>'; $element = '<a href=":href">:text</a>';
$element = str_replace(':text', $url, $element); $element = str_replace(':text', $url, $element);
@@ -656,7 +661,8 @@ class Parsedown
# ~ # ~
$text = $this->escape_special_characters($text); strpos($text, '&') !== FALSE and $text = preg_replace('/&(?!#?\w+;)/', '&amp;', $text);
strpos($text, '<') !== FALSE and $text = preg_replace('/<(?!\/?\w.*?>)/', '&lt;', $text);
# ~ # ~
@@ -676,13 +682,4 @@ class Parsedown
return $text; return $text;
} }
private function escape_special_characters($text)
{
strpos($text, '&') !== FALSE and $text = preg_replace('/&(?!#?\w+;)/', '&amp;', $text);
$text = str_replace('<', '&lt;', $text);
return $text;
}
} }

View File

@@ -0,0 +1 @@
<p>Here's an <b>important</b> <a href=''>link</a>.</p>

View File

@@ -0,0 +1 @@
Here's an <b>important</b> <a href=''>link</a>.

View File

@@ -4,5 +4,6 @@
<p>4 &lt; 5 and 6 > 5.</p> <p>4 &lt; 5 and 6 > 5.</p>
<p>Here's a <a href="http://example.com/?foo=1&amp;bar=2">link</a> with an ampersand in the URL.</p> <p>Here's a <a href="http://example.com/?foo=1&amp;bar=2">link</a> with an ampersand in the URL.</p>
<p>Here's an inline <a href="/script?foo=1&amp;bar=2">link</a>.</p> <p>Here's an inline <a href="/script?foo=1&amp;bar=2">link</a>.</p>
<p><a href="http://example.com/autolink?a=1&amp;b=2">http://example.com/autolink?a=1&amp;b=2</a></p>
<hr /> <hr />
<p>Based on <a href="http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip">the original</a> test suite.</p> <p>Based on <a href="http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip">the original</a> test suite.</p>

View File

@@ -1,6 +1,6 @@
AT&T has an ampersand in their name. AT&T has an ampersand in their name.
AT&amp;T is another way to write it. AT&T is another way to write it.
This & that. This & that.
@@ -12,6 +12,8 @@ Here's an inline [link](/script?foo=1&bar=2).
[1]: http://example.com/?foo=1&bar=2 [1]: http://example.com/?foo=1&bar=2
<http://example.com/autolink?a=1&b=2>
--- ---
Based on [the original](http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip) test suite. Based on [the original](http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip) test suite.