FIX: better whitelisting

Sam 2014-07-10 09:59:54 +10:00
parent 9828a268b9
commit d54c28adc1
2 changed files with 3 additions and 1 deletions


@ -258,6 +258,6 @@ Discourse.Markdown.whiteListTag('span', 'bbcode-i');
Discourse.Markdown.whiteListTag('span', 'bbcode-u');
Discourse.Markdown.whiteListTag('span', 'bbcode-s');
Discourse.Markdown.whiteListTag('span', 'class', /bbcode-size-\d+$/);
Discourse.Markdown.whiteListTag('span', 'class', /^bbcode-size-\d+$/);
Discourse.Markdown.whiteListIframe(/^(https?:)?\/\/www\.google\.com\/maps\/embed\?.+/i);
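Review bot: The newly anchored pattern `/^bbcode-size-\d+$/` carries no comment saying why both anchors are required, and the unanchored form it replaces shows how easily that gets lost. Judging by the spec in this commit, the regex appears to be tested against the whole class attribute value, so leaving either end open lets additional classes such as `fa fa-spin` pass through with the allowed one. I would add above the line: `// Anchor both ends: the pattern is matched against the full class value, so a missing ^ or $ lets extra classes ride along.` If the stylesheet only defines a fixed range of size classes (not visible from this hunk), bounding `\d+` to that range would tighten the allow-list further.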


@ -244,6 +244,8 @@ describe PrettyText do
it "sanitizes spans" do
PrettyText.cook("<span class=\"-bbcode-size-0 fa fa-spin\">a</span>").should match_html "<p><span>a</span></p>"
PrettyText.cook("<span class=\"fa fa-spin -bbcode-size-0\">a</span>").should match_html "<p><span>a</span></p>"
PrettyText.cook("<span class=\"bbcode-size-10\">a</span>").should match_html "<p><span class=\"bbcode-size-10\">a</span></p>"
end
it "bolds stuff in parens" do
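Review bot: The cases in "sanitizes spans" never isolate the `$` side of the pattern: both rejected inputs already fail at the start of the value (`-bbcode-size-0 …` and `fa fa-spin …`), and none puts the allowed class first with other classes after it. Assuming the pattern is tested against the whole attribute value, as these cases suggest, I would add `PrettyText.cook("<span class=\"bbcode-size-10 fa fa-spin\">a</span>").should match_html "<p><span>a</span></p>"` so that loosening either anchor later fails the spec. The `it "bolds stuff in parens"` block that closes the hunk continues outside it.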