Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

codeblock tag : escape HTML code otherwise it will be interpreted by the browser #1811

Merged
merged 3 commits into from
Apr 13, 2016
Merged

codeblock tag : escape HTML code otherwise it will be interpreted by the browser #1811

merged 3 commits into from
Apr 13, 2016

Conversation

LouisBarranqueiro
Copy link
Member

Hey, when highlight.js is disabled, < must be escaped otherwise HTML code is interpreted by the browser.

@tommy351
Copy link
Member

tommy351 commented Mar 6, 2016

I think not only < but other HTML entities should be escaped too. You can try escapeHTML method in hexo-util.

@LouisBarranqueiro
Copy link
Member Author

< is enough to escape an entire HTML code and more efficient than replace all HTML entities. As you can see, octopress do the same thing : https:/imathis/octopress/blob/master/plugins/code_block.rb#L82

@leesei
Copy link
Member

leesei commented Apr 11, 2016

@LouisBarranqueiro it think it's better to conform to standard and escape all the non-safe HTML entities with escapeHTML().

@LouisBarranqueiro
Copy link
Member Author

Got it. I'm on it.

@LouisBarranqueiro LouisBarranqueiro changed the title codeblock tag : escape < otherwise HTML code is interpreted by the browser codeblock tag : escape HTML code otherwise it will be interpreted by the browser Apr 11, 2016
@leesei
Copy link
Member

leesei commented Apr 13, 2016

Our test case is asserting against non-escaped content:
https:/hexojs/hexo/blob/master/test/scripts/tags/code.js#L64
https:/hexojs/hexo/blob/master/test/scripts/tags/code.js#L94

Adding other tag parameters disabled highlight:
https:/hexojs/hexo/blob/master/test/scripts/tags/code.js#L103
https:/hexojs/hexo/blob/master/test/scripts/tags/code.js#L114

@leesei leesei mentioned this pull request Apr 13, 2016
Closed
@leesei leesei merged commit ddea26a into hexojs:master Apr 13, 2016
@LouisBarranqueiro
Copy link
Member Author

Thanks dude

@leesei
Copy link
Member

leesei commented Apr 13, 2016

Thank you 😉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LouisBarranqueiro @tommy351 @leesei