mirror of
https://github.com/ruby/ruby.git
synced 2022-11-09 12:17:21 -05:00
[ruby/rdoc] Escape HYPERLINKs
https://github.com/ruby/rdoc/commit/ac35485be6
This commit is contained in:
parent
9e3ab9da7f
commit
586e18b946
2 changed files with 6 additions and 1 deletions
|
@ -123,7 +123,7 @@ class RDoc::Markup::ToHtml < RDoc::Markup::Formatter
|
|||
# Reference to a local file relative to the output directory.
|
||||
|
||||
def handle_regexp_HYPERLINK(target)
|
||||
url = target.text
|
||||
url = CGI.escapeHTML(target.text)
|
||||
|
||||
gen_url url, url
|
||||
end
|
||||
|
|
|
@ -836,6 +836,11 @@ EXPECTED
|
|||
assert_equal '<a href="irc://irc.freenode.net/#ruby-lang">irc.freenode.net/#ruby-lang</a>', link
|
||||
end
|
||||
|
||||
def test_handle_regexp_HYPERLINK_escape
|
||||
code = 'irc://irc.freenode.net/"><script>alert(`irc`)</script><a"'
|
||||
assert_escaped '<script>', code
|
||||
end
|
||||
|
||||
def test_list_verbatim_2
|
||||
str = "* one\n verb1\n verb2\n* two\n"
|
||||
|
||||
|
|
Loading…
Reference in a new issue