FIX: don't escape html of poll options

2025-09-06 10:50:21 +08:00 · 2017-07-25 13:38:04 -04:00 · 2017-07-25 13:38:04 -04:00 · 8317fb12e0
commit 8317fb12e0
parent f2e592c1ab
2 changed files with 97 additions and 99 deletions
--- a/plugins/poll/plugin.rb
+++ b/plugins/poll/plugin.rb
@ -157,14 +157,14 @@ after_initialize do
          # extract attributes
          p.attributes.values.each do |attribute|
            if attribute.name.start_with?(DATA_PREFIX)
-              poll[attribute.name[DATA_PREFIX.length..-1]] = CGI::escapeHTML(attribute.value || "")
+              poll[attribute.name[DATA_PREFIX.length..-1]] = CGI.escapeHTML(attribute.value || "")
            end
          end
          # extract options
          p.css("li[#{DATA_PREFIX}option-id]").each do |o|
-            option_id = CGI::escapeHTML(o.attributes[DATA_PREFIX + "option-id"].value || "")
+            option_id = o.attributes[DATA_PREFIX + "option-id"].value || ""
-            poll["options"] << { "id" => option_id, "html" => CGI::escapeHTML(o.inner_html), "votes" => 0 }
+            poll["options"] << { "id" => option_id, "html" => o.inner_html, "votes" => 0 }
          end
          # add the poll
--- a/plugins/poll/spec/lib/pretty_text_spec.rb
+++ b/plugins/poll/spec/lib/pretty_text_spec.rb
@ -7,124 +7,122 @@ describe PrettyText do
    HtmlNormalize.normalize(html)
  end
-  context 'markdown it' do
+  it 'supports multi choice polls' do
-    it 'supports multi choice polls' do
+    cooked = PrettyText.cook <<~MD
-      cooked = PrettyText.cook <<~MD
+      [poll type=multiple min=1 max=3 public=true]
-        [poll type=multiple min=1 max=3 public=true]
+      * option 1
-        * option 1
+      * option 2
-        * option 2
+      * option 3
-        * option 3
+      [/poll]
-        [/poll]
+    MD
      MD
-      expect(cooked).to include('class="poll"')
+    expect(cooked).to include('class="poll"')
-      expect(cooked).to include('data-poll-status="open"')
+    expect(cooked).to include('data-poll-status="open"')
-      expect(cooked).to include('data-poll-name="poll"')
+    expect(cooked).to include('data-poll-name="poll"')
-      expect(cooked).to include('data-poll-type="multiple"')
+    expect(cooked).to include('data-poll-type="multiple"')
-      expect(cooked).to include('data-poll-min="1"')
+    expect(cooked).to include('data-poll-min="1"')
-      expect(cooked).to include('data-poll-max="3"')
+    expect(cooked).to include('data-poll-max="3"')
-      expect(cooked).to include('data-poll-public="true"')
+    expect(cooked).to include('data-poll-public="true"')
-    end
+  end
-    it 'can dynamically generate a poll' do
+  it 'can dynamically generate a poll' do
-      cooked = PrettyText.cook <<~MD
+    cooked = PrettyText.cook <<~MD
-        [poll type=number min=1 max=20 step=1]
+      [poll type=number min=1 max=20 step=1]
-        [/poll]
+      [/poll]
-      MD
+    MD
-      expect(cooked.scan('<li').length).to eq(20)
+    expect(cooked.scan('<li').length).to eq(20)
-    end
+  end
-    it 'can properly bake 2 polls' do
+  it 'can properly bake 2 polls' do
-      md = <<~MD
+    md = <<~MD
-        this is a test
+      this is a test
-        - i am a list
+      - i am a list
-        [poll]
+      [poll]
-        1. test 1
+      1. test 1
-        2. test 2
+      2. test 2
-        [/poll]
+      [/poll]
-        [poll name=poll2]
+      [poll name=poll2]
-        1. test 1
+      1. test 1
-        2. test 2
+      2. test 2
-        [/poll]
+      [/poll]
-      MD
+    MD
-      cooked = PrettyText.cook(md)
+    cooked = PrettyText.cook(md)
-      expect(cooked.scan('class="poll"').length).to eq(2)
+    expect(cooked.scan('class="poll"').length).to eq(2)
-    end
+  end
-    it 'does not break poll options when going from loose to tight' do
+  it 'does not break poll options when going from loose to tight' do
-      md = <<~MD
+    md = <<~MD
-        [poll type=multiple]
+      [poll type=multiple]
-        1. test 1 :) <b>test</b>
+      1. test 1 :) <b>test</b>
-        2. test 2
+      2. test 2
-        [/poll]
+      [/poll]
-      MD
+    MD
-      tight_cooked = PrettyText.cook(md)
+    tight_cooked = PrettyText.cook(md)
-      md = <<~MD
+    md = <<~MD
-        [poll type=multiple]
+      [poll type=multiple]
-        1. test 1 :) <b>test</b>
+      1. test 1 :) <b>test</b>
-        2. test 2
+      2. test 2
-        [/poll]
+      [/poll]
-      MD
+    MD
-      loose_cooked = PrettyText.cook(md)
+    loose_cooked = PrettyText.cook(md)
-      tight_hashes = tight_cooked.scan(/data-poll-option-id=['"]([^'"]+)/)
+    tight_hashes = tight_cooked.scan(/data-poll-option-id=['"]([^'"]+)/)
-      loose_hashes = loose_cooked.scan(/data-poll-option-id=['"]([^'"]+)/)
+    loose_hashes = loose_cooked.scan(/data-poll-option-id=['"]([^'"]+)/)
-      expect(tight_hashes).to eq(loose_hashes)
+    expect(tight_hashes).to eq(loose_hashes)
-    end
+  end
-    it 'can correctly cook polls' do
+  it 'can correctly cook polls' do
-      md = <<~MD
+    md = <<~MD
-        [poll type=multiple]
+      [poll type=multiple]
-        1. test 1 :) <b>test</b>
+      1. test 1 :) <b>test</b>
-        2. test 2
+      2. test 2
-        [/poll]
+      [/poll]
-      MD
+    MD
-      cooked = PrettyText.cook md
+    cooked = PrettyText.cook md
-      expected = <<~MD
+    expected = <<~MD
-        <div class="poll" data-poll-status="open" data-poll-name="poll" data-poll-type="multiple">
+      <div class="poll" data-poll-status="open" data-poll-name="poll" data-poll-type="multiple">
-        <div>
+      <div>
-        <div class="poll-container">
+      <div class="poll-container">
-        <ol>
+      <ol>
-        <li data-poll-option-id='b6475cbf6acb8676b20c60582cfc487a'>test 1 <img alt=':slight_smile:' class='emoji' src='/images/emoji/twitter/slight_smile.png?v=5' title=':slight_smile:'> <b>test</b>
+      <li data-poll-option-id='b6475cbf6acb8676b20c60582cfc487a'>test 1 <img alt=':slight_smile:' class='emoji' src='/images/emoji/twitter/slight_smile.png?v=5' title=':slight_smile:'> <b>test</b>
-        </li>
+      </li>
-        <li data-poll-option-id='7158af352698eb1443d709818df097d4'>test 2</li>
+      <li data-poll-option-id='7158af352698eb1443d709818df097d4'>test 2</li>
-        </li>
+      </li>
-        </ol>
+      </ol>
-        </div>
+      </div>
-        <div class="poll-info">
+      <div class="poll-info">
-        <p>
+      <p>
-        <span class="info-number">0</span>
+      <span class="info-number">0</span>
-        <span class="info-text">voters</span>
+      <span class="info-text">voters</span>
-        </p>
+      </p>
-        <p>
+      <p>
-        Choose up to <strong>2</strong> options</p>
+      Choose up to <strong>2</strong> options</p>
-        </div>
+      </div>
-        </div>
+      </div>
-        <div class="poll-buttons">
+      <div class="poll-buttons">
-        <a title="Cast your votes">Vote now!</a>
+      <a title="Cast your votes">Vote now!</a>
-        <a title="Display the poll results">Show results</a>
+      <a title="Display the poll results">Show results</a>
-        </div>
+      </div>
-        </div>
+      </div>
-      MD
+    MD
-      # note, hashes should remain stable even if emoji changes cause text content is hashed
+    # note, hashes should remain stable even if emoji changes cause text content is hashed
-      expect(n cooked).to eq(n expected)
+    expect(n cooked).to eq(n expected)
    end
  end
 end