Properly escape HTML in code blocks

master
Thibaut Girka 6 years ago committed by ThibG
parent a6b7c23f6f
commit dd5bf40b97
  1. 12
      app/lib/formatter.rb

@ -5,13 +5,23 @@ require_relative './sanitize_config'
class HTMLRenderer < Redcarpet::Render::HTML
def block_code(code, language)
"<pre><code>#{code.gsub("\n", "<br/>")}</code></pre>"
"<pre><code>#{encode(code).gsub("\n", "<br/>")}</code></pre>"
end
def autolink(link, link_type)
return link if link_type == :email
Formatter.instance.link_url(link)
end
private
def html_entities
@html_entities ||= HTMLEntities.new
end
def encode(html)
html_entities.encode(html)
end
end
class Formatter

Loading…
Cancel
Save