Merge pull request #76 from mprobst/self-closing feat: Write self-closing tags with a />
Vytautas Ĺ altenis vytas@rtfb.lt
Sat, 03 May 2014 15:11:53 +0300
2 files changed,
21 insertions(+),
5 deletions(-)
M
inline_test.go
→
inline_test.go
@@ -200,16 +200,13 @@ "<p><iframe src=<a href=\"http://ha.ckers.org/scriptlet.html\">http://ha.ckers.org/scriptlet.html</a> <</p>\n",
// Additonal token types: SelfClosing, Comment, DocType. "<br/>", - "<p><br></p>\n", + "<p><br/></p>\n", "<!-- Comment -->", "<!-- Comment -->\n", "<!DOCTYPE test>", "<p><!DOCTYPE test></p>\n", - - "<hr>", - "<hr>\n", } doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT) }@@ -233,6 +230,21 @@
 // Same test for an unknown element that does not switch into raw mode.
 `Here are <eviltag> some "quotes".`,
 "<p>Here are <eviltag> some "quotes".</p>\n",
+ }
+ doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT)
+}
+
+func TestSanitizeSelfClosingTag(t *testing.T) {
+ tests := []string{
+ "<hr>\n",
+ "<hr>\n",
+
+ "<hr/>\n",
+ "<hr/>\n",
+
+ // Make sure that evil attributes are stripped for self closing tags.
+ "<hr onclick=\"evil()\"/>\n",
+ "<hr/>\n",
 }
 doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SANITIZE_OUTPUT)
 }
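Review bot: TestSanitizeSelfClosingTag only covers `hr`, bare or with an `onclick` that is stripped, so the new `/>` output is never checked next to an attribute that survives sanitization or on a tag the sanitizer rejects. Three more input/expected pairs would pin those paths: a self-closing tag carrying an attribute the whitelist permits (asserting the value is still quoted and escaped before `/>`), an unknown self-closing tag such as `<eviltag/>` (asserting it comes out escaped, as the `<eviltag>` case above does), and the spaced form `<hr />`. A short doc comment on the function would also help, for example `// TestSanitizeSelfClosingTag checks that self-closing tags keep "/>" and lose non-whitelisted attributes.`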
M
sanitize.go
→
sanitize.go
@@ -103,7 +103,11 @@ wr.WriteString(html.EscapeString(string(val)))
 wr.WriteByte('"')
 }
 }
- wr.WriteString(">")
+ if t == html.SelfClosingTagToken {
+ wr.WriteString("/>")
+ } else {
+ wr.WriteString(">")
+ }
 } else {
 wr.WriteString(html.EscapeString(string(tokenizer.Raw())))
 }
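Review bot: The new `/>` branch runs for every tag that reaches this point as `html.SelfClosingTagToken`, not only for void elements such as `hr` and `br`. HTML5 parsers ignore the trailing slash on non-void elements, so a non-void tag written as self-closed is still an open start tag in the browser, and the sanitized markup can nest differently from how it reads. If the whitelist admits non-void tags, consider emitting `/>` only for void elements, or at least record the caveat above the branch: `// NOTE: "/>" only closes void elements in HTML5; a non-void tag stays open in the browser.` The enclosing function starts and ends outside this hunk, so the whitelist check and any tag balancing are not visible here.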