Escape major HTML characters in code blocks in BBCode::convert
- HTML sanitization was removing unescaped opening chevrons in code blocks
parent
39cb3e68b9
commit
aa3a85c727
1 changed files with 2 additions and 2 deletions
|
@ -1283,9 +1283,9 @@ class BBCode extends BaseObject
|
||||||
function ($matches) use (&$codeblocks) {
|
function ($matches) use (&$codeblocks) {
|
||||||
$return = '#codeblock-' . count($codeblocks) . '#';
|
$return = '#codeblock-' . count($codeblocks) . '#';
|
||||||
if (strpos($matches[2], "\n") !== false) {
|
if (strpos($matches[2], "\n") !== false) {
|
||||||
$codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . trim($matches[2], "\n\r") . '</code></pre>';
|
$codeblocks[] = '<pre><code class="language-' . trim($matches[1]) . '">' . htmlspecialchars(trim($matches[2], "\n\r"), ENT_NOQUOTES, 'UTF-8') . '</code></pre>';
|
||||||
} else {
|
} else {
|
||||||
$codeblocks[] = '<code>' . $matches[2] . '</code>';
|
$codeblocks[] = '<code>' . htmlspecialchars($matches[2], ENT_NOQUOTES, 'UTF-8') . '</code>';
|
||||||
}
|
}
|
||||||
|
|
||||||
return $return;
|
return $return;
|
||||||
|
|
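Review bot: The language name on the `<pre><code class="language-…">` line is still concatenated into the class attribute as `trim($matches[1])` without escaping, while this commit escapes only the block body. If the pattern that fills `$matches[1]` (outside this hunk) permits a double quote or an angle bracket, the value leaves the attribute and the outcome rests entirely on the later HTML sanitization pass. Escaping it for attribute context would close that gap: `'<pre><code class="language-' . htmlspecialchars(trim($matches[1]), ENT_QUOTES, 'UTF-8') . '">'`. `ENT_NOQUOTES` is adequate for the body because it is element content, but it would not be for the attribute value. The closure's enclosing call and its regex are not visible in this hunk, so the allowed character set for the language name should be confirmed there.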