```ruby
irb(main):001:0> require 'maruku'
=> true
irb(main):002:0> s = <<END
irb(main):003:0" *foo*{: style='ball & chain'}
irb(main):004:0"
irb(main):005:0" *foo*{: style='ball\008 chain'}
irb(main):006:0"
irb(main):007:0" *foo*{: style='ball\" badAttribute=\"chain'}
irb(main):008:0" END
=> "*foo*{: style='ball & chain'}\n\n*foo*{: style='ball\u00008 chain'}\n\n*foo*{: style='ball\" badAttribute=\"chain'}\n"
irb(main):009:0> Maruku.new(s).to_html
=> "<p><em style=\"ball & chain\">foo</em></p>\n\n<p><em style=\"ball\u00008 chain\">foo</em></p>\n\n<p><em style=\"ball\" badAttribute=\"chain\">foo</em></p>"
```
Nokogiri would ensure sane attribute values. So the output from the previous serializer would have been
```html
<p><em style="ball & chain">foo</em></p>
<p><em style="ball">foo</em></p>
<p><em style="ball" badAttribute="chain">foo</em></p>
```
In addition to well-formedness issues, the third example has obvious security implications, depending on how the client program's sanitization works.
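The attribute-injection problem reported above, reproduced with a minimal HTML emitter and placed beside a hardened one. This is an added example, not Maruku's code and not the Nokogiri-based serializer the reporter mentions; the helper names (`naive_tag`, `safe_tag`, `escape_attr`, `attribute_names`) and the allow-listed attribute-name pattern are assumptions made for the illustration. The three sample values are the ones from the issue, reconstructed as Ruby strings.

```ruby
# Added example (not Maruku's own code). Reproduces the unescaped-attribute
# bug from the issue with a tiny emitter and shows a hardened replacement.
# Helper names below are hypothetical.

# The three IAL values from the issue, reconstructed as Ruby strings.
# "\u0000" followed by "8 chain" gives the NUL byte seen in the irb output.
SAMPLES = [
  "ball & chain",
  "ball\u00008 chain",
  "ball\" badAttribute=\"chain",
].freeze

# Naive emitter: interpolates the value verbatim. This is what the issue
# shows: a double quote inside the value closes the attribute, and the rest
# of the value becomes a second attribute.
def naive_tag(name, attrs, text)
  attr_str = attrs.map { |k, v| %(#{k}="#{v}") }.join(" ")
  "<#{name} #{attr_str}>#{text}</#{name}>"
end

# Escape a value for a double-quoted HTML attribute:
#   - drop C0 control characters (NUL included); they are not valid
#     attribute text and real parsers drop or mangle them;
#   - turn &, <, >, " and ' into character references so nothing left in
#     the value can end the quoted string or start a tag or entity.
def escape_attr(value)
  value.to_s
       .gsub(/[\x00-\x08\x0B\x0C\x0E-\x1F]/, "")
       .gsub("&", "&amp;")
       .gsub("<", "&lt;")
       .gsub(">", "&gt;")
       .gsub('"', "&quot;")
       .gsub("'", "&#39;")
end

# Attribute names coming from user-supplied IAL are validated as well, so a
# name can never smuggle whitespace, quotes or slashes into the tag.
# The pattern is an assumption chosen for this example.
ATTR_NAME = /\A[A-Za-z_:][-A-Za-z0-9_:.]*\z/

def safe_tag(name, attrs, text)
  attr_str = attrs.map do |k, v|
    unless k.to_s.match?(ATTR_NAME)
      raise ArgumentError, "bad attribute name: #{k.inspect}"
    end
    %(#{k}="#{escape_attr(v)}")
  end.join(" ")
  # escape_attr is a superset of what text content needs, so reuse it.
  "<#{name} #{attr_str}>#{escape_attr(text)}</#{name}>"
end

# Lists the attribute names a browser would see in one start tag; used to
# show that the naive output grew an extra attribute and the safe one did not.
def attribute_names(html)
  html.scan(/\s([A-Za-z_:][-A-Za-z0-9_:.]*)="/).flatten
end

if __FILE__ == $0
  SAMPLES.each do |v|
    puts "naive: #{naive_tag('em', { 'style' => v }, 'foo')}"
    puts "safe:  #{safe_tag('em', { 'style' => v }, 'foo')}"
  end
end
```

Escaping makes the attribute value inert at the HTML layer, which is the well-formedness and injection point the issue raises. It does not by itself make a user-controlled `style` (or `href`) value safe; what is allowed inside that value is still the job of whatever sanitizer the client program applies, as the report notes.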
Thanks, I'll get some tests in for that.
7363179
Thanks. This is now fixed. Let me know if you find anything else that needs work, I'm building up a 0.7.1 release soon.