diff options
| author | Joe Mooring <joe.mooring@veriphor.com> | 2022-02-03 16:03:25 -0800 |
|---|---|---|
| committer | Bjørn Erik Pedersen <bjorn.erik.pedersen@gmail.com> | 2022-02-10 18:25:19 +0100 |
| commit | f7bc4cc505950df738ab11aa3c611f324dd6c158 (patch) | |
| tree | b4460179217e0840d9f42617a0b34b537ad237bd /markup | |
| parent | 54f8d8a70a157b7ca871abef8d899a3c9f2ccdb6 (diff) | |
Exclude event attributes when rendering markdown
Closes #9463
Diffstat (limited to 'markup')
| -rw-r--r-- | markup/goldmark/integration_test.go | 61 | ||||
| -rw-r--r-- | markup/goldmark/render_hooks.go | 3 |
2 files changed, 63 insertions, 1 deletions
diff --git a/markup/goldmark/integration_test.go b/markup/goldmark/integration_test.go new file mode 100644 index 000000000..387d7be66 --- /dev/null +++ b/markup/goldmark/integration_test.go @@ -0,0 +1,61 @@ +// Copyright 2021 The Hugo Authors. All rights reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package goldmark_test + +import ( + "testing" + + "github.com/gohugoio/hugo/hugolib" +) + +func TestAttributeExclusion(t *testing.T) { + t.Parallel() + + files := ` +-- config.toml -- +[markup.goldmark.renderer] + unsafe = false +[markup.goldmark.parser.attribute] + block = true + title = true +-- content/p1.md -- +--- +title: "p1" +--- +## Heading {class="a" onclick="alert('heading')" linenos="inline"} + +> Blockquote +{class="b" ondblclick="alert('blockquote')" LINENOS="inline"} + +~~~bash {id="c" onmouseover="alert('code fence')"} +foo +~~~ +-- layouts/_default/single.html -- +{{ .Content }} +` + + b := hugolib.NewIntegrationTestBuilder( + hugolib.IntegrationTestConfig{ + T: t, + TxtarString: files, + NeedsOsFS: false, + }, + ).Build() + + b.AssertFileContent("public/p1/index.html", ` +<h2 class="a" id="heading"> +<blockquote class="b"> +<div class="highlight" id="c"> + `) +} diff --git a/markup/goldmark/render_hooks.go b/markup/goldmark/render_hooks.go index 9e9ca1976..e6d959abf 100644 --- a/markup/goldmark/render_hooks.go +++ b/markup/goldmark/render_hooks.go @@ -161,7 +161,8 @@ func renderAttributes(w util.BufWriter, skipClass bool, attributes ...ast.Attrib continue } - if attributeExcludes[string(attr.Name)] { + a := strings.ToLower(string(attr.Name)) + if attributeExcludes[a] || strings.HasPrefix(a, "on") { continue } |