#41 open
closer

sanitize_html too greedy

Reported by closer | August 17th, 2008 @ 01:39 PM

Hello All

I am using the following markup:

!>http://hobix.com/sample.jpg!

!<http://hobix.com/sample.jpg!

text

!>http://hobix.com/sample.jpg! <<<

and the following HTML code appears:

<<<

As you can see, the HTML does not show the "text" string and the first image. Why?

I think that RedCloth has a problem with processing the '<' meta-tag in the image tag. I also think that in this case the image should have the float:left style.

Thanks

P.S. I am using sanitize_html

Comments and changes to this ticket

  • closer

    closer August 17th, 2008 @ 01:41 PM

    Oops :) Just in case, I am attaching the message as plain text.

    Thanks

  • Jason Garber

    Jason Garber August 18th, 2008 @ 12:06 PM

    Are you using RedCloth 4.0? Here's what I get:

    
    >> require 'RedCloth'
    => true
    >> RedCloth.new(<<EOD).to_html
    !>http://hobix.com/sample.jpg!
    
    !<http://hobix.com/sample.jpg!
    
    text
    
    !>http://hobix.com/sample.jpg!
    EOD
    

    outputs

    
    <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    <p style="float:left;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    <p>text</p>
    <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    

    which is fine.

    Please give more specific instructions to replicate your problem.

  • closer

    closer August 18th, 2008 @ 12:31 PM

    I am attaching a Rails project to reproduce the problem.

    P.S.

    RedCloth.new(<<EOD).to_html Try to set sanitize_html = true before calling the method 'to_html'

    P.P.S. RedCloth (4.0.1)

  • Jason Garber

    Jason Garber August 19th, 2008 @ 07:08 AM

    • Milestone changed from 4.0.3 to 4.0.4
    • State changed from “new” to “open”

    Okay, I'll check it out.

  • Jason Garber

    Jason Garber September 16th, 2008 @ 03:40 PM

    • Tag changed from formatters, html, images to formatters, html, images

    Confirmed. The problem seems to be overeager sanitize_html.

    
    >> puts RedCloth.new(text).to_html
    <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    <p style="float:left;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    <p>text</p>
    <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    => nil
    >> puts RedCloth.new(text, [:sanitize_html]).to_html
    <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
    <p><img src="http://hobix.com/sample.jpg" alt="" /></p>
    => nil
    
    
  • Jason Garber

    Jason Garber October 1st, 2008 @ 01:50 PM

    • Tag changed from formatters, html, images to formatters, html, images, sanitize_html

    Ouch. Looks like I'm going to have to refactor sanitize_html. Oh well. I knew when I took the cheap way the first time, I would have to do it right eventually.

  • Jason Garber

    Jason Garber October 1st, 2008 @ 04:36 PM

    • Title changed from “Problem with align by left image” to “sanitize_html too greedy”
    • Milestone cleared.

    To do this right, it will take some serious refactoring of sanitize_html. Pushing it back to a later milestone.
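
A regression check for the behaviour confirmed above, added here as an example and not part of the ticket or of RedCloth: it inventories tags, attributes and text in the unsanitized and sanitized outputs quoted in the ticket and reports what the sanitizer dropped. The function names and the `allowed` parameter are hypothetical.

```ruby
# Added example (not RedCloth code). Both strings are copied from the ticket.
PLAIN_OUTPUT = <<~HTML
  <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
  <p style="float:left;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
  <p>text</p>
  <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
HTML

SANITIZED_OUTPUT = <<~HTML
  <p style="float:right;"><img src="http://hobix.com/sample.jpg" alt="" /></p>
  <p><img src="http://hobix.com/sample.jpg" alt="" /></p>
HTML

# Flatten HTML into comparable items: "<p>", "p[style=float:left;]", "text:...".
# Simple tokenizer for well-formed formatter output, not a general HTML parser.
def inventory(html)
  items = []
  html.scan(/<[^>]*>|[^<]+/) do |tok|
    if tok.start_with?("</")
      next # closing tags carry no content of their own
    elsif tok.start_with?("<")
      name = tok[/\A<\s*([A-Za-z][A-Za-z0-9]*)/, 1]
      next unless name
      name = name.downcase
      items << "<#{name}>"
      tok.scan(/([\w-]+)="([^"]*)"/) { |attr, val| items << "#{name}[#{attr}=#{val}]" }
    else
      text = tok.strip
      items << "text:#{text}" unless text.empty?
    end
  end
  items
end

# Items present before sanitizing and missing afterwards, minus anything the
# policy (hypothetical `allowed` patterns) says the sanitizer should strip.
def sanitizer_losses(plain, sanitized, allowed: [])
  remaining = inventory(sanitized)
  lost = inventory(plain).reject do |item|
    (i = remaining.index(item)) && remaining.delete_at(i)
  end
  lost.reject { |item| allowed.any? { |re| re.match?(item) } }
end

puts sanitizer_losses(PLAIN_OUTPUT, SANITIZED_OUTPUT)
```

Run against the ticket's outputs, the report includes the `text` paragraph and the `float:left` style, which is the content the reporter saw disappear.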


RedCloth is a Ruby library for converting Textile into HTML
