Closed GoogleCodeExporter closed 9 years ago
Original comment by axelclk@gmail.com
on 4 Jul 2010 at 9:11
Here are the changes for "<source lang='sql'>", along with a screendump showing
it in action on the "Wiki Sandbox" page of http://androidcookbook.oreilly.com/
There is a one or two-line patch to Configuration.java, and the actual
SQLCodeFilter and of course SQLTest.
Thanks.
Original comment by dp925...@gmail.com
on 4 Jul 2010 at 11:24
Attachments:
Better version of the code filter (and test): more keywords, and case-insensitive comparison. Can't test ATM because "EditTest" hangs on some weird connection failure.
Original comment by dp925...@gmail.com
on 5 Jul 2010 at 12:28
Attachments:
Test passes; please use this version, thanks.
Original comment by dp925...@gmail.com
on 5 Jul 2010 at 1:23
Thanks for your patch, but I think it should at least escape some special
characters like in the AbstractCPPBasedCodeFilter#appendChar() method to avoid
cross site scripting.
See this (wrong) JUnit test for example, it could insert some JavaScript in
your wiki page:
    public void test002() {
        final String result = wikiModel.render("'''SQL Example'''\n" + "<source lang='sql'>\n"
                + "<form><input type=\"button\" onclick=\"alert('Are you sure you want to do this?')\" value=\"Alert\"></form>\n"
                + "</source>");
        String expect = "";
        assertEquals("SQL test002", expect, result);
    }
Original comment by axelclk@gmail.com
on 5 Jul 2010 at 6:21
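An added sketch of the fix requested in the comment above (not part of the original thread, and not bliki's own SQLCodeFilter): every character taken from the `<source lang='sql'>` body is HTML-escaped before output, so the only raw markup is what the filter itself writes. The class name, method names, CSS classes and keyword list are hypothetical.

```java
import java.util.Locale;
import java.util.Set;

// Hypothetical names throughout; this is not bliki's SQLCodeFilter or its API.
public class SqlHighlightSketch {
    private static final Set<String> KEYWORDS =
        Set.of("select", "from", "where", "insert", "update", "delete");

    // Escape one character of untrusted wiki text before it reaches the page.
    static void appendEscaped(StringBuilder out, char c) {
        switch (c) {
            case '<': out.append("&lt;"); break;
            case '>': out.append("&gt;"); break;
            case '&': out.append("&amp;"); break;
            case '"': out.append("&quot;"); break;
            case '\'': out.append("&#39;"); break;
            default: out.append(c);
        }
    }

    // Only the <pre> and <span> tags written here are raw markup.
    static String filter(String source) {
        StringBuilder out = new StringBuilder("<pre class=\"sql\">");
        int i = 0;
        while (i < source.length()) {
            char c = source.charAt(i);
            if (!Character.isLetter(c)) {       // punctuation, quotes, angle brackets
                appendEscaped(out, c);
                i++;
                continue;
            }
            int start = i;
            while (i < source.length() && Character.isLetterOrDigit(source.charAt(i))) i++;
            String word = source.substring(start, i);   // letters and digits only
            boolean keyword = KEYWORDS.contains(word.toLowerCase(Locale.ROOT));
            out.append(keyword ? "<span class=\"kw\">" + word + "</span>" : word);
        }
        return out.append("</pre>").toString();
    }

    public static void main(String[] args) {
        // Constructed input modelled on the test002 body quoted in the thread.
        String html = filter("SELECT name FROM t;\n<form><input type=\"button\" "
            + "onclick=\"alert('Are you sure you want to do this?')\" value=\"Alert\"></form>\n");
        System.out.println(html);
        if (html.contains("<form") || html.contains("onclick=\""))
            throw new AssertionError("raw markup reached the output");
    }
}
```

A regression test for such a filter should assert on the escaped form of the payload (`&lt;form&gt;...`) rather than on an empty string, so that a later change which drops the escaping fails the build.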
Right you are. New version of SQLCodeFilter, and test which includes a finished
version of your "test00", attached. Thanks.
Original comment by dp925...@gmail.com
on 5 Jul 2010 at 7:05
Attachments:
Try the attachment again.
Original comment by dp925...@gmail.com
on 5 Jul 2010 at 7:07
Attachments:
Patch committed:
http://code.google.com/p/gwtwiki/source/detail?r=1627
Original comment by axelclk@gmail.com
on 7 Jul 2010 at 5:13
Original issue reported on code.google.com by
dp925...@gmail.com
on 4 Jul 2010 at 8:20