mirror of
https://git.bsd.gay/fef/nyastodon.git
synced 2024-12-26 23:03:41 +01:00
Properly escape HTML in code blocks
This commit is contained in:
parent
a6b7c23f6f
commit
dd5bf40b97
1 changed files with 11 additions and 1 deletions
|
@ -5,13 +5,23 @@ require_relative './sanitize_config'
|
|||
|
||||
class HTMLRenderer < Redcarpet::Render::HTML
|
||||
def block_code(code, language)
|
||||
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>"
|
||||
"<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
|
||||
end
|
||||
|
||||
def autolink(link, link_type)
|
||||
return link if link_type == :email
|
||||
Formatter.instance.link_url(link)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def html_entities
|
||||
@html_entities ||= HTMLEntities.new
|
||||
end
|
||||
|
||||
def encode(html)
|
||||
html_entities.encode(html)
|
||||
end
|
||||
end
|
||||
|
||||
class Formatter
|
||||
|
|
Loading…
Reference in a new issue