mirror/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2023-08-10 21:13:06 +03:00
Code Releases Activity

CommonMark escapes double-quotes

Browse Source
This commit is contained in:
Aidan Woods 2019-01-27 18:02:32 +00:00
parent d6c97ee111
commit 2e0ad27c5e
No known key found for this signature in database
GPG Key ID: 9A6A8EFAA512BBB9
6 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
psalm.xml
View File

@ -33,6 +33,7 @@
<referencedMethod name="Erusev\Parsedown\Configurables\BlockTypes::removing" />
<referencedMethod name="Erusev\Parsedown\Configurables\Breaks::enabled" />
<referencedMethod name="Erusev\Parsedown\State::mergingWith" />
<referencedMethod name="Erusev\Parsedown\Html\Sanitisation\Escaper::htmlElementValue" />
</errorLevel>
</PossiblyUnusedMethod>
</issueHandlers>

2
src/Html/Renderables/Text.php
View File

@ -29,6 +29,6 @@ final class Text implements Renderable
/** @return string */
public function getHtml()
{
return Escaper::htmlElementValue($this->text);
return Escaper::htmlElementValueEscapingDoubleQuotes($this->text);
}
}

9
src/Html/Sanitisation/Escaper.php
View File

@ -22,6 +22,15 @@ final class Escaper
return self::escape($text, true);
}
/**
* @param string $text
* @return string
*/
public static function htmlElementValueEscapingDoubleQuotes($text)
{
return \htmlspecialchars($text, \ENT_COMPAT, 'UTF-8');
}
/**
* @param string $text
* @param bool $allowQuotes

4
tests/ParsedownTest.php
View File

@ -124,12 +124,12 @@ MARKDOWN_WITH_MARKUP;
<p>&lt;div&gt;<em>content</em>&lt;/div&gt;</p>
<p>sparse:</p>
<p>&lt;div&gt;
&lt;div class="inner"&gt;
&lt;div class=&quot;inner&quot;&gt;
<em>content</em>
&lt;/div&gt;
&lt;/div&gt;</p>
<p>paragraph</p>
<p>&lt;style type="text/css"&gt;
<p>&lt;style type=&quot;text/css&quot;&gt;
p {
color: red;
}

4
tests/data/fenced_code_block.html
View File

@ -6,9 +6,9 @@ echo $message;</code></pre>
<pre><code class="language-php">echo 'language identifier';</code></pre>
<pre><code class="language-c#">echo 'language identifier with non words';</code></pre>
<pre><code class="language-html+php">&lt;?php
echo "Hello World";
echo &quot;Hello World&quot;;
?&gt;
&lt;a href="http://auraphp.com" &gt;Aura Project&lt;/a&gt;</code></pre>
&lt;a href=&quot;http://auraphp.com&quot; &gt;Aura Project&lt;/a&gt;</code></pre>
<pre><code>the following isn't quite enough to close
```
still a fenced code block</code></pre>

2
tests/data/tab-indented_code_block.html
View File

@ -3,4 +3,4 @@
$message = 'Hello World!';
echo $message;
echo "following a blank line";</code></pre>
echo &quot;following a blank line&quot;;</code></pre>