* [PATCH 2/4] t/hl_mod: extra check to ensure we escape HTML
2019-01-27 11:48 4% [PATCH 0/4] viewvcs: wire up highlight to solver Eric Wong
@ 2019-01-27 11:48 7% ` Eric Wong
0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2019-01-27 11:48 UTC
To: meta
Otherwise, it's open season on our users :<
---
t/hl_mod.t | 1 +
1 file changed, 1 insertion(+)
diff --git a/t/hl_mod.t b/t/hl_mod.t
index b8b8eb9..62cc624 100644
--- a/t/hl_mod.t
+++ b/t/hl_mod.t
@@ -20,6 +20,7 @@ my $orig = $str;
my $ref = $hls->do_hl(\$str, 'foo.perl');
is(ref($ref), 'SCALAR', 'got a scalar reference back');
like($$ref, qr/I can see you!/, 'we can see ourselves in output');
+ like($$ref, qr/&&/, 'escaped');
use PublicInbox::Spawn qw(which);
if (eval { require IPC::Run } && which('w3m')) {
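Review bot: the pattern in the added `like($$ref, qr/&&/, 'escaped');` line, as it appears here, matches a raw `&&`, which is exactly what unescaped output would contain, so the assertion passes whether or not do_hl() escapes anything. Match the entity form instead, e.g. `like($$ref, qr/&amp;&amp;/, 'escaped');`, and pair it with a negative check such as `unlike($$ref, qr/&&/, 'no raw ampersands');` so a regression that emits the input verbatim fails the test. Since the stated goal is ensuring HTML is escaped, the same positive/negative pair for `<` and `>` would cover the characters that actually open a tag.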
--
EW
* [PATCH 0/4] viewvcs: wire up highlight to solver
@ 2019-01-27 11:48 4% Eric Wong
2019-01-27 11:48 7% ` [PATCH 2/4] t/hl_mod: extra check to ensure we escape HTML Eric Wong
0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2019-01-27 11:48 UTC
To: meta
Since we go through the trouble of recreating blobs with solver,
show them with syntax-highlighting.
Fortunately, Debian systems have "libhighlight-perl" SWIG bindings
packaged. Going to hammer-away on it with check-www-inbox.perl
before deploying.
Eric Wong (4):
  wwwhighlight: read_in_full returns undef on errors
  t/hl_mod: extra check to ensure we escape HTML
  hlmod: disable enclosing <pre> tag
  viewvcs: wire up syntax-highlighting for blobs

 contrib/css/216dark.css         | 20 ++++++++++++++++++++
 lib/PublicInbox/HlMod.pm        |  1 -
 lib/PublicInbox/UserContent.pm  | 20 ++++++++++++++++++++
 lib/PublicInbox/ViewVCS.pm      | 15 ++++++++++++++-
 lib/PublicInbox/WwwHighlight.pm |  1 +
 t/hl_mod.t                      |  3 ++-
 6 files changed, 57 insertions(+), 3 deletions(-)
--
EW
Code repositories for project(s) associated with this public inbox
https://80x24.org/public-inbox.git