From 0e9202689e22a047943a8533d0f63caf84c5ee4a Mon Sep 17 00:00:00 2001
From: Emanuil Rusev
Date: Tue, 5 Nov 2013 21:40:33 +0200
Subject: [PATCH] escaping of "<" breaks span-level html
---
 Parsedown.php | 25 +++++++++++--------------
 tests/data/span_level_html.html | 1 +
 tests/data/span_level_html.md | 1 +
 tests/data/special_characters.html | 1 +
 tests/data/special_characters.md | 4 +++-
 5 files changed, 17 insertions(+), 15 deletions(-)
 create mode 100644 tests/data/span_level_html.html
 create mode 100644 tests/data/span_level_html.md
diff --git a/Parsedown.php b/Parsedown.php
index c60d565..6274711 100755
--- a/Parsedown.php
+++ b/Parsedown.php
@@ -564,7 +564,9 @@ class Parsedown
 {
 foreach ($matches as $matches)
 {
- $url = $this->escape_special_characters($matches[4]);
+ $url = $matches[4];
+
+ strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&', $url);
 if ($matches[1]) # image
 {
@@ -604,7 +606,8 @@ class Parsedown
 if (isset($this->reference_map[$link_definition]))
 {
 $url = $this->reference_map[$link_definition];
- $url = $this->escape_special_characters($url);
+
+ strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&', $url);
 if ($matches[1]) # image
 {
@@ -636,7 +639,9 @@ class Parsedown
 {
 foreach ($matches as $matches)
 {
- $url = $this->escape_special_characters($matches[1]);
+ $url = $matches[1];
+
+ strpos($url, '&') !== FALSE and $url = preg_replace('/&(?!#?\w+;)/', '&', $url);
 $element = ':text';
 $element = str_replace(':text', $url, $element);
@@ -656,8 +661,9 @@ class Parsedown
 # ~
- $text = $this->escape_special_characters($text);
-
+ strpos($text, '&') !== FALSE and $text = preg_replace('/&(?!#?\w+;)/', '&', $text);
+ strpos($text, '<') !== FALSE and $text = preg_replace('/<(?!\/?\w.*?>)/', '<', $text);
+
 # ~
 if (strpos($text, '_') !== FALSE)
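Review bot: In the first hunk (-564) the link URL now has only bare ampersands encoded before it is used, so a `<` in the destination is no longer escaped at all, and a `"` was never escaped; the reference-link hunk at -604 and the autolink hunk at -636 have the same gap. The code that places `$url` into the element lies mostly outside these hunks, so whether it lands inside a quoted attribute is inferred from the `# image` branch and the `str_replace(':text', $url, $element)` line. If it does, `$url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8', FALSE);` keeps existing entities intact while encoding the characters that can break out of the attribute. Since the same `strpos(...) and preg_replace(...)` line now appears four times, a single private helper for it would also keep the URL and text paths from drifting apart.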
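Review bot: The new `<` rule in the fourth hunk (-656) escapes only a `<` that does not look like the start of a tag, so every tag-shaped sequence in the input, including `<script>` and elements carrying event-handler attributes, is copied to the output verbatim. That is Markdown's inline-HTML behaviour, but the output can no longer be treated as safe for untrusted input, and I would say so above the line: `# raw span-level HTML passes through unescaped; sanitize the output when the input is untrusted`. The lookahead is also looser than a tag test: `\w` accepts digits and `_`, and `.*?>` is satisfied by any later `>` on the same line, so text such as `a <3 b > c` stays unescaped; `[a-zA-Z]` in place of `\w` would narrow that. As rendered on this page the replacement strings read `'&'` and `'<'`, presumably `&amp;` and `&lt;` decoded by the page.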
@@ -676,13 +682,4 @@ class Parsedown
 return $text;
 }
-
- private function escape_special_characters($text)
- {
- strpos($text, '&') !== FALSE and $text = preg_replace('/&(?!#?\w+;)/', '&', $text);
-
- $text = str_replace('<', '<', $text);
-
- return $text;
- }
 }
\ No newline at end of file
diff --git a/tests/data/span_level_html.html b/tests/data/span_level_html.html
new file mode 100644
index 0000000..45cea57
--- /dev/null
+++ b/tests/data/span_level_html.html
@@ -0,0 +1 @@
+

Here's an important link.

\ No newline at end of file
diff --git a/tests/data/span_level_html.md b/tests/data/span_level_html.md
new file mode 100644
index 0000000..c474b55
--- /dev/null
+++ b/tests/data/span_level_html.md
@@ -0,0 +1 @@
+Here's an important link.
\ No newline at end of file
diff --git a/tests/data/special_characters.html b/tests/data/special_characters.html
index 4ee8994..69fb133 100644
--- a/tests/data/special_characters.html
+++ b/tests/data/special_characters.html
@@ -4,5 +4,6 @@

4 < 5 and 6 > 5.

Here's a link with an ampersand in the URL.

Here's an inline link.

+

http://example.com/autolink?a=1&b=2


Based on the original test suite.

\ No newline at end of file diff --git a/tests/data/special_characters.md b/tests/data/special_characters.md index 7fae287..d997cb6 100644 --- a/tests/data/special_characters.md +++ b/tests/data/special_characters.md @@ -1,6 +1,6 @@ AT&T has an ampersand in their name. -AT&T is another way to write it. +AT&T is another way to write it. This & that. @@ -12,6 +12,8 @@ Here's an inline [link](/script?foo=1&bar=2). [1]: http://example.com/?foo=1&bar=2 + + --- Based on [the original](http://daringfireball.net/projects/downloads/MarkdownTest_1.0.zip) test suite. \ No newline at end of file