From b8005f0b1be8a56bf22d53cc0524dc61105f5358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A9gis=20Hanol?= Date: Wed, 13 May 2015 17:50:25 +0200 Subject: [PATCH] FIX: link starting with '[poll' should not break polls --- plugins/poll/assets/javascripts/poll_dialect.js | 4 ++-- plugins/poll/spec/controllers/posts_controller_spec.rb | 8 ++++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/plugins/poll/assets/javascripts/poll_dialect.js b/plugins/poll/assets/javascripts/poll_dialect.js index 126f48331..d2e0b4c93 100644 --- a/plugins/poll/assets/javascripts/poll_dialect.js +++ b/plugins/poll/assets/javascripts/poll_dialect.js @@ -8,10 +8,10 @@ const WHITELISTED_ATTRIBUTES = ["type", "name", "min", "max", "step", "order", "color", "background", "status"]; const WHITELISTED_STYLES = ["color", "background"]; - const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]=]+['\"]?", "g"); + const ATTRIBUTES_REGEX = new RegExp("(" + WHITELISTED_ATTRIBUTES.join("|") + ")=['\"]?[^\\s\\]]+['\"]?", "g"); Discourse.Dialect.replaceBlock({ - start: /\[poll([^\]]*)\]([\s\S]*)/igm, + start: /\[poll((?:\s+\w+=[^\s\]]+)*)\]([\s\S]*)/igm, stop: /\[\/poll\]/igm, emitter: function(blockContents, matches) { diff --git a/plugins/poll/spec/controllers/posts_controller_spec.rb b/plugins/poll/spec/controllers/posts_controller_spec.rb index 3d63d8425..ad373624c 100644 --- a/plugins/poll/spec/controllers/posts_controller_spec.rb +++ b/plugins/poll/spec/controllers/posts_controller_spec.rb @@ -57,6 +57,14 @@ describe PostsController do expect(json["polls"]["<script>alert(xss)</script>"]).to be end + it "also works whe there is a link starting with '[poll'" do + xhr :post, :create, { title: title, raw: "[Polls are awesome](/foobar)\n[poll]\n- A\n- B\n[/poll]" } + expect(response).to be_success + json = ::JSON.parse(response.body) + expect(json["cooked"]).to match("data-poll-") + expect(json["polls"]).to be + end + describe "edit window" do describe "within the first 5 minutes" do