escape HTML entities in code parsed from markdown, fixes #2744
parent
676936e33d
commit
e09437f4fa
3 changed files with 21 additions and 2 deletions
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -15,6 +15,14 @@ const SCRIPT_END_PLACEHOLDER = '__SCRIPT_END__';
|
||||||
|
|
||||||
const CODE_LINE_NUMBER_REGEX = /\[([\s\d,|-]*)\]/;
|
const CODE_LINE_NUMBER_REGEX = /\[([\s\d,|-]*)\]/;
|
||||||
|
|
||||||
|
const HTML_ESCAPE_MAP = {
|
||||||
|
'&': '&',
|
||||||
|
'<': '<',
|
||||||
|
'>': '>',
|
||||||
|
'"': '"',
|
||||||
|
"'": '''
|
||||||
|
};
|
||||||
|
|
||||||
const Plugin = () => {
|
const Plugin = () => {
|
||||||
|
|
||||||
// The reveal.js instance this plugin is attached to
|
// The reveal.js instance this plugin is attached to
|
||||||
|
@ -399,6 +407,12 @@ const Plugin = () => {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function escapeForHTML( input ) {
|
||||||
|
|
||||||
|
return input.replace( /([&<>'"])/g, char => HTML_ESCAPE_MAP[char] );
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
return {
|
return {
|
||||||
id: 'markdown',
|
id: 'markdown',
|
||||||
|
|
||||||
|
@ -427,6 +441,11 @@ const Plugin = () => {
|
||||||
language = language.replace( CODE_LINE_NUMBER_REGEX, '' ).trim();
|
language = language.replace( CODE_LINE_NUMBER_REGEX, '' ).trim();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Escape before this gets injected into the DOM to
|
||||||
|
// avoid having the HTML parser alter our code before
|
||||||
|
// highlight.js is able to read it
|
||||||
|
code = escapeForHTML( code );
|
||||||
|
|
||||||
return `<pre><code ${lineNumbers} class="${language}">${code}</code></pre>`;
|
return `<pre><code ${lineNumbers} class="${language}">${code}</code></pre>`;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
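Review bot: In the last hunk, `language` is still interpolated unescaped into `class="${language}"` on the return line, while only `code` goes through the new `escapeForHTML`. The language comes from the fence info string in the markdown, so a `"` or `>` in it would end the attribute or the tag early and change the generated markup. The helper already covers quotes, so the return line could use `class="${escapeForHTML( language || '' )}"`. The function starts outside the hunk, so whether `language` can be missing and how `lineNumbers` is built are not visible here. Separately, the `HTML_ESCAPE_MAP` values appear entity-decoded on this page (each character maps to itself as rendered), so the actual replacement strings should be confirmed against the file.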