Ticket #9730: strip_stack_too_deep.patch
| File strip_stack_too_deep.patch, 2.9 kB (added by lifofifo, 10 months ago) |
|---|
-
actionpack/test/template/text_helper_test.rb
old new 48 48 49 49 def test_strip_links 50 50 assert_equal "Dont touch me", strip_links("Dont touch me") 51 assert_equal "<a<a", strip_links("<a<a") 51 52 assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>") 52 53 assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>") 53 54 assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic") … … 537 538 end 538 539 539 540 def test_strip_tags 541 assert_equal("<<<bad html", strip_tags("<<<bad html")) 542 assert_equal("<<", strip_tags("<<<bad html>")) 540 543 assert_equal("Dont touch me", strip_tags("Dont touch me")) 541 544 assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>")) 542 545 assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos")) -
actionpack/lib/action_view/helpers/text_helper.rb
old new 329 329 # strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.') 330 330 # # => Blog: Visit 331 331 def strip_links(html) 332 if !html.blank? && html.index("<a") || html.index("<href")332 if !html.blank? && (html.index("<a") || html.index("<href")) && html.index(">") 333 333 tokenizer = HTML::Tokenizer.new(html) 334 334 result = returning [] do |result| 335 335 while token = tokenizer.next 336 336 node = HTML::Node.parse(nil, 0, 0, token, false) 337 337 result << node.to_s unless node.is_a?(HTML::Tag) && ["a", "href"].include?(node.name) 338 338 end 339 end 340 strip_links(result.join) # Recurse - handle all dirty nested links339 end.join 340 result == html ? result : strip_links(result) # Recurse - handle all dirty nested links 341 341 else 342 342 html 343 343 end … … 468 468 469 469 # strip any comments, and if they have a newline at the end (ie. line with 470 470 # only a comment) strip that too 471 result = text.join.gsub(/<!--(.*?)-->[\n]?/m, "") 472 471 473 # Recurse - handle all dirty nested tags 472 strip_tags(text.join.gsub(/<!--(.*?)-->[\n]?/m, ""))474 result == html ? result : strip_tags(result) 473 475 end 474 476 475 477 # Creates a Cycle object whose _to_s_ method cycles through elements of an
