
Don't double encode HTML entities.

perlDreamer committed Feb 12, 2018
1 parent aab99e7 commit d5fc3802b3391717e96c5ec002c65babab5c939a
Showing with 12 additions and 3 deletions.
  1. +3 −0 CHANGES.txt
  2. +5 −3 author.t/contentfilter.t
  3. +4 −0 lib/Wing/ContentFilter.pm
@@ -4,6 +4,9 @@ This file tracks the changes to Wing over time. Especially
with respect to new features and compatibility changes.
==========================================================
2018-2-12
* Don't double encode HTML entities.
2018-2-8
* Autokick all jobs in all tubes in the current wingman server
@@ -11,7 +11,7 @@ is Wing::ContentFilter::format_image($image_uri), '<img src="https://cf.geekdo-s
my $find_link_in_text = 'foo https://www.thegamecrafter.com/help bar';
Wing::ContentFilter::find_and_format_uris(\$find_link_in_text, {links => 1});
is $find_link_in_text, 'foo <a href="https://www.thegamecrafter.com/help" target="_new" title="Links to external site: www.thegamecrafter.com">The Game Crafter Knowledge Base <small><span class="glyphicon glyphicon-new-window"></span></a></small> bar', 'can find links embedded in text';
is $find_link_in_text, 'foo <a href="https://www.thegamecrafter.com/help" target="_new" title="Links to external site: www.thegamecrafter.com">The Game Crafter <small><span class="glyphicon glyphicon-new-window"></span></a></small> bar', 'can find links embedded in text';
my $just_a_url = 'https://www.youtube.com/watch?v=YKmj6LI5pfs';
Wing::ContentFilter::find_and_format_uris(\$just_a_url, {youtube => 1});
@@ -82,8 +82,10 @@ is $list2, 'foo<br>bar<ul><li>this is</li><li>a</li><li>list of epic proportions
my $markdown = 'foo [![Alt text](/path/to/img.jpg)](http://example.net/) bar';
Wing::ContentFilter::format_markdown(\$markdown);
is $markdown, '<p>foo <a href="http://example.net/"><img src="/path/to/img.jpg" alt="Alt text"></a> bar</p>'."\n",'can format markdown';
is $markdown, '<p>foo <a href="http://example.net/"><img src="/path/to/img.jpg" alt="Alt text" class="img-responsive"></a> bar</p>','can format markdown';
my $entities = 'This > that & those < these';
Wing::ContentFilter::neutralize_html(\$entities);
is $entities, 'This &gt; that &amp; those &lt; these', 'Easy encoding';
done_testing();
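Review bot: The new 'Easy encoding' case feeds raw `>`, `&` and `<`, which the existing encode steps appear to have handled before this commit, so nothing in this file exercises the decode-before-encode path the commit adds. Add a case with already-encoded input: `my $encoded = 'This &gt; that &amp; those &lt; these';`, `Wing::ContentFilter::neutralize_html(\$encoded);`, `is $encoded, 'This &gt; that &amp; those &lt; these', 'already-encoded input is not double encoded';`. A further case with `&lt;script&gt;` as input, expecting the same string back, would pin that the decode step never leaves a tag un-neutralized.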
@@ -11,6 +11,10 @@ use URI::Find::Delimited;
sub neutralize_html {
my ($content, $allowed) = @_;
$allowed //= {};
##Decode any existing entities so they don't get double encoded.
${$content} =~ s/&gt;/>/g;
${$content} =~ s/&lt;/</g;
${$content} =~ s/&amp;/&/g;
${$content} =~ s/\&/&amp;/g unless $allowed->{entities}; # replace & with &amp; unless we're ok with entities
${$content} =~ s/\</&lt;/g; # disable HTML tags
${$content} =~ s/\>/&gt;/g;
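Review bot: With `$allowed->{entities}` set, the added `s/&amp;/&/g` decodes ampersands that the next line then skips re-encoding, so input `&amp;lt;` leaves the function as `&lt;` and renders as `<` where the author wrote the literal text `&lt;`. Put the ampersand decode under the same condition as the encode: `${$content} =~ s/&amp;/&/g unless $allowed->{entities};`. The decode also covers only three named entities, so numeric forms such as `&#38;` are still double encoded when entities are not allowed; the comment above the decode lines should state that limit. The rest of neutralize_html lies outside the hunk, so how quotes and later filtering steps are handled cannot be judged from here.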
