From 1204eb62c31f75dbaf976757da8536e35aeecfcb Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Thu, 29 Aug 2013 14:15:05 -0400
Subject: [PATCH] FIX: Escape contents when using the quote tool.
---
app/assets/javascripts/discourse/components/quote.js | 4 ++++
test/javascripts/components/bbcode_test.js | 4 +++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/assets/javascripts/discourse/components/quote.js b/app/assets/javascripts/discourse/components/quote.js
index 496a2dc99f0..54692464ca5 100644
--- a/app/assets/javascripts/discourse/components/quote.js
+++ b/app/assets/javascripts/discourse/components/quote.js
@@ -23,6 +23,10 @@ Discourse.Quote = { sansQuotes = contents.replace(this.REGEXP, '').trim(); if (sansQuotes.length === 0) return ""; + // Escape the content of the quote + sansQuotes = sansQuotes.replace(//g, ">"); + result = "[quote=\"" + post.get('username') + ", post:" + post.get('post_number') + ", topic:" + post.get('topic_id'); /* Strip the HTML from cooked */
diff --git a/test/javascripts/components/bbcode_test.js b/test/javascripts/components/bbcode_test.js
index a72e8655982..60112f708d0 100644
--- a/test/javascripts/components/bbcode_test.js
+++ b/test/javascripts/components/bbcode_test.js
@@ -62,7 +62,6 @@ test("quotes", function() { formatQuote("lorem", "[quote=\"eviltrout, post:1, topic:2\"]\nlorem\n[/quote]\n\n", "correctly formats quotes"); - formatQuote(" lorem \t ", "[quote=\"eviltrout, post:1, topic:2\"]\nlorem\n[/quote]\n\n", "trims white spaces before & after the quoted contents");
@@ -75,6 +74,9 @@ test("quotes", function() { "[quote=\"eviltrout, post:1, topic:2, full:true\"]\n**lorem** ipsum\n[/quote]\n\n", "keeps BBCode formatting"); + formatQuote("this is a bug", + "[quote=\"eviltrout, post:1, topic:2\"]\nthis is <not> a bug\n[/quote]\n\n", + "it escapes the contents of the quote"); }); test("quote formatting", function() {
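Review bot: The escape added to `Discourse.Quote` appears to cover only angle brackets (the replace chain is garbled in this rendering, and the one new test exercises a single `<not>` token), so a literal `&` in the quoted text would pass through unchanged and an entity-like sequence such as `&lt;` typed by the original author would render as `<` rather than as written. Escaping the ampersand first keeps the transformation unambiguous: `sansQuotes = sansQuotes.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");`. The escape also runs in the client on text the user can still edit in the composer, so the comment should say that it is there for display fidelity, e.g. `// Escape for display only; server-side sanitization of the cooked post remains the XSS boundary`. The function body continues outside the hunk.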
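Review bot: The assertion added to the "quotes" test pins one tag-like token and nothing else, so a later change that escapes too much or too little would not be caught. A case that combines angle brackets with retained formatting, placed next to the existing "keeps BBCode formatting" check, and a case with an ampersand such as `formatQuote("a < b & c", ...)` would pin both directions. The input literal of the new case has lost its tag in this rendering, so the expected strings should be verified against the repository copy.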