зеркало из https://github.com/golang/net.git
html: escape comment and doctype tokens' data
Fixes golang/go#48237 Change-Id: I309e3ad30684fb71b9b3e67dfac156da08dbc69b Reviewed-on: https://go-review.googlesource.com/c/net/+/419334 Run-TryBot: Nigel Tao <nigeltao@golang.org> Reviewed-by: Cherry Mui <cherryyz@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Kunpei Sakai <namusyaka@gmail.com> TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Nigel Tao
Родитель
46097bf591
Коммит
0699458419
|
|
@ -85,7 +85,7 @@ func render1(w writer, n *Node) error {
|
|||
if _, err := w.WriteString("<!--"); err != nil {
|
||||
return err
|
||||
}
|
||||
if _, err := w.WriteString(n.Data); err != nil {
|
||||
if err := escape(w, n.Data); err != nil {
|
||||
return err
|
||||
}
|
||||
if _, err := w.WriteString("-->"); err != nil {
|
||||
|
|
@ -96,7 +96,7 @@ func render1(w writer, n *Node) error {
|
|||
if _, err := w.WriteString("<!DOCTYPE "); err != nil {
|
||||
return err
|
||||
}
|
||||
if _, err := w.WriteString(n.Data); err != nil {
|
||||
if err := escape(w, n.Data); err != nil {
|
||||
return err
|
||||
}
|
||||
if n.Attr != nil {
|
||||
|
|
|
|||
|
|
@ -94,6 +94,10 @@ func TestRenderer(t *testing.T) {
|
|||
Data: "comm",
|
||||
},
|
||||
15: {
|
||||
Type: CommentNode,
|
||||
Data: "x-->y", // Needs escaping.
|
||||
},
|
||||
16: {
|
||||
Type: RawNode,
|
||||
Data: "7<pre>8</pre>9",
|
||||
},
|
||||
|
|
@ -119,7 +123,8 @@ func TestRenderer(t *testing.T) {
|
|||
12: `. . <br>`,
|
||||
13: `. . "6"`,
|
||||
14: `. . "<!--comm-->"`,
|
||||
15: `. . "7<pre>8</pre>9"`,
|
||||
15: `. . "<!--x-->y-->"`,
|
||||
16: `. . "7<pre>8</pre>9"`,
|
||||
}
|
||||
if len(nodes) != len(treeAsText) {
|
||||
t.Fatal("len(nodes) != len(treeAsText)")
|
||||
|
|
@ -155,7 +160,7 @@ func TestRenderer(t *testing.T) {
|
|||
|
||||
want := `<html><head></head><body>0<1<p id="A" foo="abc"def">` +
|
||||
`2<b empty="">3</b><i backslash="\">&4</i></p>` +
|
||||
`5<blockquote></blockquote><br/>6<!--comm-->7<pre>8</pre>9</body></html>`
|
||||
`5<blockquote></blockquote><br/>6<!--comm--><!--x-->y-->7<pre>8</pre>9</body></html>`
|
||||
b := new(bytes.Buffer)
|
||||
if err := Render(b, nodes[0]); err != nil {
|
||||
t.Fatal(err)
|
||||
|
|
|
|||
|
|
@ -110,9 +110,9 @@ func (t Token) String() string {
|
|||
case SelfClosingTagToken:
|
||||
return "<" + t.tagString() + "/>"
|
||||
case CommentToken:
|
||||
return "<!--" + t.Data + "-->"
|
||||
return "<!--" + EscapeString(t.Data) + "-->"
|
||||
case DoctypeToken:
|
||||
return "<!DOCTYPE " + t.Data + ">"
|
||||
return "<!DOCTYPE " + EscapeString(t.Data) + ">"
|
||||
}
|
||||
return "Invalid(" + strconv.Itoa(int(t.Type)) + ")"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -314,12 +314,12 @@ var tokenTests = []tokenTest{
|
|||
{
|
||||
"comment3",
|
||||
"a<!--x>-->z",
|
||||
"a$<!--x>-->$z",
|
||||
"a$<!--x>-->$z",
|
||||
},
|
||||
{
|
||||
"comment4",
|
||||
"a<!--x->-->z",
|
||||
"a$<!--x->-->$z",
|
||||
"a$<!--x->-->$z",
|
||||
},
|
||||
{
|
||||
"comment5",
|
||||
|
|
@ -334,7 +334,7 @@ var tokenTests = []tokenTest{
|
|||
{
|
||||
"comment7",
|
||||
"a<!---<>z",
|
||||
"a$<!---<>z-->",
|
||||
"a$<!---<>z-->",
|
||||
},
|
||||
{
|
||||
"comment8",
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче