From: Dylan William Hardison Date: Fri, 11 Jan 2019 02:14:22 +0000 (-0500) Subject: Bug 1519240 - Markdown comments ruin links wrapped in <> X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5953747fb81ce9c3b199e239fa71f12bb6837937;p=thirdparty%2Fbugzilla.git Bug 1519240 - Markdown comments ruin links wrapped in <> --- diff --git a/Bugzilla/Markdown.pm b/Bugzilla/Markdown.pm index c90772fca..8f38788a5 100644 --- a/Bugzilla/Markdown.pm +++ b/Bugzilla/Markdown.pm @@ -47,7 +47,8 @@ sub render_html { no warnings 'utf8'; # this is needed because our perl is so old. # This is a bit faster since it doesn't engage the regex engine. # Replace < with \x{FDD4}, and remove \x{FDD4}. - $markdown =~ tr/<\x{FDD4}/\x{FDD4}/d; + $markdown =~ tr/\x{FDD4}//d; + $markdown =~ s{<(?!https?://)}{\x{FDD4}}gs; my @valid_text_parent_tags = ('p', 'li', 'td'); my @bad_tags = qw( img ); my $bugzilla_shorthand = $self->bugzilla_shorthand; diff --git a/t/markdown.t b/t/markdown.t index 23f6692d1..35d7da4f4 100644 --- a/t/markdown.t +++ b/t/markdown.t @@ -11,6 +11,7 @@ use lib qw( . lib local/lib/perl5 ); use Bugzilla::Test::MockDB; use Bugzilla::Test::MockParams (password_complexity => 'no_constraints'); +use Mojo::DOM; use Bugzilla; use Test2::V0; @@ -77,4 +78,17 @@ HTML is($parser->render_html($table_markdown), $table_html, 'Table extension'); +{ + no warnings 'utf8'; + is($parser->render_html("\x{FDD4}"), "", "strips out PUA char"); +} + +my $angle_link = $parser->render_html(""); + +my $angle_link_dom = Mojo::DOM->new($angle_link); +my $ahref = $angle_link_dom->at('a[href]'); +is($ahref->attr('href'), 'https://searchfox.org/mozilla-central/rev/76fe4bb385348d3f45bbebcf69ba8c7283dfcec7/mobile/android/base/java/org/mozilla/gecko/toolbar/SecurityModeUtil.java#101', 'angle links are parsed properly'); + +is($parser->render_html(''), "

<foo>

\n", "literal tags work"); + done_testing;