1
0
mirror of https://github.com/danog/blackfriday.git synced 2025-01-22 13:21:36 +01:00

More <script> stripping

Partially addresses issue #11.
This commit is contained in:
Vytautas Šaltenis 2013-04-13 23:24:30 +03:00
parent fb923cdb78
commit dcaaa9b5dc
2 changed files with 18 additions and 1 deletions

16
html.go
View File

@ -168,10 +168,24 @@ func (options *Html) BlockHtml(out *bytes.Buffer, text []byte) {
}
doubleSpace(out)
out.Write(text)
if options.flags&HTML_SKIP_SCRIPT != 0 {
out.Write(stripTag(string(text), "script", "p"))
} else {
out.Write(text)
}
out.WriteByte('\n')
}
// This is a trivial implementation for the simplest possible case
func stripTag(text, tag, newTag string) []byte {
openTag := fmt.Sprintf("<%s>", tag)
closeTag := fmt.Sprintf("</%s>", tag)
openNewTag := fmt.Sprintf("<%s>", newTag)
closeNewTag := fmt.Sprintf("</%s>", newTag)
noOpen := strings.Replace(text, openTag, openNewTag, -1)
return []byte(strings.Replace(noOpen, closeTag, closeNewTag, -1))
}
func (options *Html) HRule(out *bytes.Buffer) {
doubleSpace(out)
out.WriteString("<hr")

View File

@ -82,6 +82,9 @@ func TestRawHtmlTag(t *testing.T) {
" <script>alert()</script>\n",
"<p>alert()</p>\n",
"<script>alert()</script>\n",
"<p>alert()</p>\n",
}
doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SKIP_SCRIPT)
}