From 019bbda5f5ee8b7d00f2633340aef3b0d000e3f1 Mon Sep 17 00:00:00 2001 From: Alex Kocharin Date: Thu, 2 Jul 2015 15:39:25 +0300 Subject: [PATCH] Fix class injection in fence renderer Close https://github.com/markdown-it/markdown-it/issues/128 --- lib/renderer.js | 5 +++-- test/fixtures/markdown-it/commonmark_extras.txt | 10 ++++++++++ test/fixtures/markdown-it/xss.txt | 17 +++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/lib/renderer.js b/lib/renderer.js index 1139edb..9c9bca9 100644 --- a/lib/renderer.js +++ b/lib/renderer.js @@ -30,11 +30,12 @@ default_rules.code_block = function (tokens, idx /*, options, env */) { default_rules.fence = function (tokens, idx, options, env, self) { var token = tokens[idx], + info = token.info ? unescapeAll(token.info).trim() : '', langName = '', highlighted; - if (token.info) { - langName = unescapeAll(token.info.trim().split(/\s+/g)[0]); + if (info) { + langName = info.split(/\s+/g)[0]; token.attrPush([ 'class', options.langPrefix + langName ]); } diff --git a/test/fixtures/markdown-it/commonmark_extras.txt b/test/fixtures/markdown-it/commonmark_extras.txt index 130d6c9..fe302ae 100644 --- a/test/fixtures/markdown-it/commonmark_extras.txt +++ b/test/fixtures/markdown-it/commonmark_extras.txt @@ -98,6 +98,16 @@ Regression test (code block + regular paragraph) . +Don't output empty class here: +. +``` +test +``` +. +
test
+
+. + Coverage. Directive can terminate paragraph. . diff --git a/test/fixtures/markdown-it/xss.txt b/test/fixtures/markdown-it/xss.txt index 589c9c2..7c0512e 100644 --- a/test/fixtures/markdown-it/xss.txt +++ b/test/fixtures/markdown-it/xss.txt @@ -109,3 +109,20 @@ References .

[test]: javascript:alert(1)

. + + +Make sure we decode entities before split: +. +```js custom-class +test1 +``` + +```js custom-class +test2 +``` +. +
test1
+
+
test2
+
+.