Harden StripTags against stray angle brackets
This commit is contained in:
Snider
parent
b1ff334c85
commit
4bbdb10080
2 changed files with 18 additions and 1 deletions
11
pipeline.go
11
pipeline.go
|
|
@ -32,7 +32,7 @@ func StripTags(html string) string {
|
|||
|
||||
switch r {
|
||||
case '<':
|
||||
if i+1 < len(runes) && isTagStartRune(runes[i+1]) {
|
||||
if i+1 < len(runes) && isTagStartRune(runes[i+1]) && hasTagCloser(runes, i+2) {
|
||||
inTag = true
|
||||
continue
|
||||
}
|
||||
|
|
@ -67,6 +67,15 @@ func isTagStartRune(r rune) bool {
|
|||
}
|
||||
}
|
||||
|
||||
func hasTagCloser(runes []rune, start int) bool {
|
||||
for i := start; i < len(runes); i++ {
|
||||
if runes[i] == '>' {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
// Imprint renders a node tree to HTML, strips tags, tokenises the text,
|
||||
// and returns a GrammarImprint — the full render-reverse pipeline.
|
||||
// Usage example: imp := Imprint(Text("welcome"), NewContext())
|
||||
|
|
|
|||
|
|
@ -54,6 +54,14 @@ func TestStripTags_PreservesComparisonOperators_Good(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
func TestStripTags_LiteralAngleBracket_Good(t *testing.T) {
|
||||
got := StripTags(`a<b`)
|
||||
want := `a<b`
|
||||
if got != want {
|
||||
t.Errorf("StripTags(literal angle) = %q, want %q", got, want)
|
||||
}
|
||||
}
|
||||
|
||||
func TestStripTags_Entities_Good(t *testing.T) {
|
||||
got := StripTags(`<script>`)
|
||||
want := "<script>"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue