Fix class injection in fence renderer

Close https://github.com/markdown-it/markdown-it/issues/128
9 years ago · 019bbda5f5
3 changed files with 30 additions and 2 deletions
--- a/lib/renderer.js
+++ b/lib/renderer.js
@ -30,11 +30,12 @@ default_rules.code_block = function (tokens, idx /*, options, env */) {

 default_rules.fence = function (tokens, idx, options, env, self) {
  var token = tokens[idx],
+      info = token.info ? unescapeAll(token.info).trim() : '',
      langName = '',
      highlighted;

-  if (token.info) {
-    langName = unescapeAll(token.info.trim().split(/\s+/g)[0]);
+  if (info) {
+    langName = info.split(/\s+/g)[0];
    token.attrPush([ 'class', options.langPrefix + langName ]);
  }

--- a/test/fixtures/markdown-it/commonmark_extras.txt
+++ b/test/fixtures/markdown-it/commonmark_extras.txt
@ -98,6 +98,16 @@ Regression test (code block + regular paragraph)
 </blockquote>
 .

+Don't output empty class here:
+.
+```&#x20;
+test
+```
+.
+<pre><code>test
+</code></pre>
+.
+

 Coverage. Directive can terminate paragraph.
 .
--- a/test/fixtures/markdown-it/xss.txt
+++ b/test/fixtures/markdown-it/xss.txt
@ -109,3 +109,20 @@ References
 .
 <p>[test]: javascript:alert(1)</p>
 .
+
+
+Make sure we decode entities before split:
+.
+```js&#32;custom-class
+test1
+```
+
+```js&#x0C;custom-class
+test2
+```
+.
+<pre><code class="js">test1
+</code></pre>
+<pre><code class="js">test2
+</code></pre>
+.