Fixed that strip_tags blows up with invalid html (closes #9730) [lifo]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7677 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
2026-04-26 03:00:59 -04:00 · 2007-09-29 20:19:33 +00:00
parent 4953563e08
commit 826f0bd42f
2 changed files with 9 additions and 4 deletions
--- a/actionpack/lib/action_view/helpers/text_helper.rb
+++ b/actionpack/lib/action_view/helpers/text_helper.rb
@@ -329,15 +329,15 @@ module ActionView
      #   strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
      #   # => Blog: Visit
      def strip_links(html)
-        if !html.blank? && html.index("<a") || html.index("<href")
+        if !html.blank? && (html.index("<a") || html.index("<href")) && html.index(">")
          tokenizer = HTML::Tokenizer.new(html)
          result = returning [] do |result|
            while token = tokenizer.next 
              node = HTML::Node.parse(nil, 0, 0, token, false) 
              result << node.to_s unless node.is_a?(HTML::Tag) && ["a", "href"].include?(node.name) 
            end 
-          end
-          strip_links(result.join) # Recurse - handle all dirty nested links
+          end.join
+          result == html ? result : strip_links(result) # Recurse - handle all dirty nested links
        else
          html
        end
@@ -468,8 +468,10 @@ module ActionView
        
        # strip any comments, and if they have a newline at the end (ie. line with
        # only a comment) strip that too
+        result = text.join.gsub(/<!--(.*?)-->[\n]?/m, "")
+        
        # Recurse - handle all dirty nested tags
-        strip_tags(text.join.gsub(/<!--(.*?)-->[\n]?/m, ""))
+        result == html ? result : strip_tags(result)
      end
      
      # Creates a Cycle object whose _to_s_ method cycles through elements of an
--- a/actionpack/test/template/text_helper_test.rb
+++ b/actionpack/test/template/text_helper_test.rb
@@ -48,6 +48,7 @@ class TextHelperTest < Test::Unit::TestCase
  
  def test_strip_links
    assert_equal "Dont touch me", strip_links("Dont touch me")
+    assert_equal "<a<a", strip_links("<a<a")
    assert_equal "on my mind\nall day long", strip_links("<a href='almost'>on my mind</a>\n<A href='almost'>all day long</A>")
    assert_equal "0wn3d", strip_links("<a href='http://www.rubyonrails.com/'><a href='http://www.rubyonrails.com/' onlclick='steal()'>0wn3d</a></a>") 
    assert_equal "Magic", strip_links("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic") 
@@ -537,6 +538,8 @@ class TextHelperTest < Test::Unit::TestCase
  end

  def test_strip_tags
+    assert_equal("<<<bad html", strip_tags("<<<bad html"))
+    assert_equal("<<", strip_tags("<<<bad html>"))
    assert_equal("Dont touch me", strip_tags("Dont touch me"))
    assert_equal("This is a test.", strip_tags("<p>This <u>is<u> a <a href='test.html'><strong>test</strong></a>.</p>"))
    assert_equal("Weirdos", strip_tags("Wei<<a>a onclick='alert(document.cookie);'</a>/>rdos"))