Bugfix for #3024 - escaping HTML tags

This commit is contained in:
Tobias Hößl 2017-03-04 15:50:41 +01:00
parent 95c19159f8
commit e698d81f9f
2 changed files with 8 additions and 2 deletions

View File

@ -172,7 +172,7 @@ angular.module('OpenSlidesApp.motions.diff', ['OpenSlidesApp.motions.lineNumberi
this._serializeDom = function(node, stripLineNumbers) {
if (node.nodeType == TEXT_NODE) {
return node.nodeValue;
return node.nodeValue.replace(/</g, "&lt;").replace(/>/g, "&gt;");
}
if (stripLineNumbers && (
lineNumberingService._isOsLineNumberNode(node) || lineNumberingService._isOsLineBreakNode(node))) {
@ -193,7 +193,7 @@ angular.module('OpenSlidesApp.motions.diff', ['OpenSlidesApp.motions.lineNumberi
var html = this._serializeTag(node);
for (var i = 0; i < node.childNodes.length; i++) {
if (node.childNodes[i].nodeType == TEXT_NODE) {
html += node.childNodes[i].nodeValue;
html += node.childNodes[i].nodeValue.replace(/</g, "&lt;").replace(/>/g, "&gt;");
} else if (!stripLineNumbers || (!lineNumberingService._isOsLineNumberNode(node.childNodes[i]) && !lineNumberingService._isOsLineBreakNode(node.childNodes[i]))) {
html += this._serializeDom(node.childNodes[i], stripLineNumbers);
}

View File

@ -188,6 +188,12 @@ describe('linenumbering', function () {
expect(diff.outerContextStart).toBe('<OL start="3">');
expect(diff.outerContextEnd).toBe('</OL>');
});
it('escapes text resembling HTML-Tags', function () {
var inHtml = '<h2>' + noMarkup(1) + 'Looks like a &lt;p&gt; tag &lt;/p&gt;</h2><p>' + noMarkup(2) + 'Another line</p>';
var diff = diffService.extractRangeByLineNumbers(inHtml, 1, 2, true);
expect(diff.html).toBe('<H2>Looks like a &lt;p&gt; tag &lt;/p&gt;</H2>');
});
});
describe('merging two sections', function () {