More <script> stripping Partially addresses issue #11.
Vytautas Ĺ altenis Vytautas.Shaltenis@gmail.com
Sat, 13 Apr 2013 23:24:30 +0300
2 files changed,
18 insertions(+),
1 deletions(-)
M
html.go
→
html.go
@@ -168,8 +168,22 @@ return
} doubleSpace(out) - out.Write(text) + if options.flags&HTML_SKIP_SCRIPT != 0 { + out.Write(stripTag(string(text), "script", "p")) + } else { + out.Write(text) + } out.WriteByte('\n') +} + +// This is a trivial implementation for the simplest possible case +func stripTag(text, tag, newTag string) []byte { + openTag := fmt.Sprintf("<%s>", tag) + closeTag := fmt.Sprintf("</%s>", tag) + openNewTag := fmt.Sprintf("<%s>", newTag) + closeNewTag := fmt.Sprintf("</%s>", newTag) + noOpen := strings.Replace(text, openTag, openNewTag, -1) + return []byte(strings.Replace(noOpen, closeTag, closeNewTag, -1)) } func (options *Html) HRule(out *bytes.Buffer) {
M
inline_test.go
→
inline_test.go
@@ -82,6 +82,9 @@ "<p>zz alert()</p>\n",
" <script>alert()</script>\n", "<p>alert()</p>\n", + + "<script>alert()</script>\n", + "<p>alert()</p>\n", } doTestsInlineParam(t, tests, 0, HTML_SKIP_STYLE|HTML_SKIP_SCRIPT) }