summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbrian m. carlson <sandals@crustytoothpaste.net>2017-04-11 01:35:27 +0000
committerbrian m. carlson <sandals@crustytoothpaste.net>2017-04-11 01:35:27 +0000
commit2754b184b3b179ec00308822d7b7d6de951220c4 (patch)
tree3fb3818b380f0222a76192f87b1993fa8e1b4cb3
parent659682b11292b41188114b6099c55a681189fbf8 (diff)
comics/data: escape links in html_message properly
If a link contained an ampersand or other XML special character, it would not be encoded properly. Ensure that it's encoded properly by using String#encode. Note that encoding using the xml: :attr syntax does the attribute quotation for us, so remove the quotation marks around the interpolation. Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
-rw-r--r--lib/comics/data.rb2
-rw-r--r--spec/comic_spec.rb5
-rw-r--r--spec/fixtures/config.json12
3 files changed, 18 insertions, 1 deletions
diff --git a/lib/comics/data.rb b/lib/comics/data.rb
index d3d3a13..89fe74a 100644
--- a/lib/comics/data.rb
+++ b/lib/comics/data.rb
@@ -58,7 +58,7 @@ module Comics
end
def html_message
- %(<a href="#{@link}">Click here to view the comic.</a>)
+ %(<a href=#{@link.encode(xml: :attr)}>Click here to view the comic.</a>)
end
end
diff --git a/spec/comic_spec.rb b/spec/comic_spec.rb
index 18cf61a..79763cd 100644
--- a/spec/comic_spec.rb
+++ b/spec/comic_spec.rb
@@ -46,4 +46,9 @@ describe Comics::Comic do
# will not overlap between the two days.
expect(entry_pairs[0][0..-2]).to eq entry_pairs[1][1..-1]
end
+
+ it 'escapes ampersands in generated HTML properly' do
+ c = config.comic('example')
+ expect(c.first.html_message).to match(/&amp;/)
+ end
end
diff --git a/spec/fixtures/config.json b/spec/fixtures/config.json
index d40db03..3fc3ca8 100644
--- a/spec/fixtures/config.json
+++ b/spec/fixtures/config.json
@@ -11,6 +11,18 @@
"time":"12:00"
}
}
+ },
+ "example":{
+ "name":"Example",
+ "comics":{
+ "daily":{
+ "website": "http://www.example.com/strips/comic/",
+ "link": "http://www.example.com/strips/comic/?date=%F&type=comic",
+ "type":"link",
+ "frequency":"daily",
+ "time":"12:00"
+ }
+ }
}
},
"config": {