Apply HTML 5 spec of not caring on casing for input (#2016)
* Sanitizer will still standardize on lowercase atm.
* Some optimize/minimize conditionals.
* Be specific on what/where to replace with open tags... not a huge deal atm but extra-cautious may be prudent.
* Restore some styling

Post #2014 #2015 and closes #1775

Auto-merge
Martii authored Nov 13, 2023
1 parent 2ff8ac1 commit c477978
Showing 1 changed file with 10 additions and 26 deletions.
36 changes: 10 additions & 26 deletions libs/markdown.js
@@ -143,27 +143,10 @@ function sanitize(aHtml) {
// Sanitize the output from the block level renderers
blockRenderers.forEach(function (aType) {
renderer[aType] = function () {
var matches = null;
var openTagName = null;
var closeTagName = null;

// Begin workaround for #1775
if (aType === 'html') {
matches = arguments[0].match(/^<([a-z]+)(?![^>]*\/>)[^>]*>$/);
if (matches) {
openTagName = matches[1];
}
matches = arguments[0].match(/^<\/([a-z]+)>$/);
if (matches && !!sanitize('<' + matches[1] + '></' + matches[1] + '>')) {
closeTagName = matches[1];
}
}

// Sanitize first to close any tags
// Render Markdown type first then sanitize HTML including any closing of tags
var sanitized = sanitize(marked.Renderer.prototype[aType].apply(renderer, arguments));

// Autolink most usernames

// Autolink most usernames.
var dom = new JSDOM('<div id="sandbox"></div>');
var win = dom.window;
var doc = win.document;
@@ -179,6 +162,8 @@ blockRenderers.forEach(function (aType) {
var htmlContainer = null;
var thisNode = null;

var matches = null;

hookNode.innerHTML = sanitized;

xpr = doc.evaluate(
@@ -217,14 +202,13 @@ blockRenderers.forEach(function (aType) {
sanitized = hookNode.innerHTML;
}

// End workaround for #1775
// Workaround for #1775
if (aType === 'html') {
if (openTagName) {
sanitized = sanitized.replace(/<\/[a-z]+>/, '');
}

if (closeTagName) {
sanitized = '</' + closeTagName + '>';
matches = arguments[0].match(/^<(\/?)([a-z]+)(?![^>]*\/>)[^>]*>$/i);
if (matches && matches[2] && sanitize('<' + matches[2] + '></' + matches[2] + '>')) {
sanitized = matches[1]
? '</' + matches[2].toLowerCase() + '>'
: sanitized.replace(new RegExp('<\/' + matches[2].toLowerCase() + '>$'), '');
}
}

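Review bot: In the `aType === 'html'` workaround at the end of the last hunk, the tag counts as allowed whenever `sanitize('<' + matches[2] + '></' + matches[2] + '>')` returns any non-empty string, which is weaker than checking that the sanitizer actually kept the element. The body of sanitize() is not visible here, so this is hedged: if it ever escapes or rewrites a disallowed tag instead of dropping it, the probe stays truthy and the close branch then emits a raw `</tag>` that never passes through the sanitizer. Comparing the probe against the expected prefix would pin that down, e.g. `if (matches && sanitize('<' + matches[2] + '></' + matches[2] + '>').indexOf('<' + matches[2].toLowerCase()) === 0) {`; the separate `matches[2] &&` test can go, since `[a-z]+` cannot capture an empty string. A short comment would also help, stating that both branches deliberately leave unbalanced markup after sanitizing and that this is safe only because the emitted text is built from the `[a-z]+` capture. The renderer function body continues outside this hunk.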
