Merge pull request #322 from jch/allow-bad-tags

gjtorikian · web-flow · commit 78a50d6a8a78 · 2019-11-14T16:09:29.000Z
Allow bad tags
diff --git a/Gemfile b/Gemfile
@@ -22,4 +22,5 @@ group :test do
 
   gem 'escape_utils', '~> 1.0', require: false
   gem 'rouge', '~> 3.1', require: false
+  gem 'minitest-focus', '~> 1.1'
 end
diff --git a/gemfiles/rails_3.gemfile b/gemfiles/rails_3.gemfile
@@ -21,6 +21,7 @@ group :test do
   gem "sanitize", "~> 4.6", require: false
   gem "escape_utils", "~> 1.0", require: false
   gem "rouge", "~> 3.1", require: false
+  gem "minitest-focus", "~> 1.1"
 end
 
 gemspec path: "../"
diff --git a/gemfiles/rails_4.gemfile b/gemfiles/rails_4.gemfile
@@ -21,6 +21,7 @@ group :test do
   gem "sanitize", "~> 4.6", require: false
   gem "escape_utils", "~> 1.0", require: false
   gem "rouge", "~> 3.1", require: false
+  gem "minitest-focus", "~> 1.1"
 end
 
 gemspec path: "../"
diff --git a/gemfiles/rails_5.gemfile b/gemfiles/rails_5.gemfile
@@ -20,6 +20,7 @@ group :test do
   gem "sanitize", "~> 4.6", require: false
   gem "escape_utils", "~> 1.0", require: false
   gem "rouge", "~> 3.1", require: false
+  gem "minitest-focus", "~> 1.1"
 end
 
 gemspec path: "../"
diff --git a/gemfiles/rails_6.gemfile b/gemfiles/rails_6.gemfile
@@ -20,6 +20,7 @@ group :test do
   gem "sanitize", "~> 4.6", require: false
   gem "escape_utils", "~> 1.0", require: false
   gem "rouge", "~> 3.1", require: false
+  gem "minitest-focus", "~> 1.1"
 end
 
 gemspec path: "../"
diff --git a/lib/html/pipeline/markdown_filter.rb b/lib/html/pipeline/markdown_filter.rb
@@ -38,6 +38,7 @@ def call
 
           render_options = [:GITHUB_PRE_LANG]
           render_options << :HARDBREAKS if context[:gfm] != false
+          render_options = [:UNSAFE] if context[:unsafe]
 
           doc = CommonMarker.render_doc(@text, parse_options, extensions)
           renderer.new(options: render_options, extensions: extensions).render(doc)
diff --git a/test/html/pipeline/markdown_filter_test.rb b/test/html/pipeline/markdown_filter_test.rb
@@ -103,6 +103,22 @@ def test_legitimate_renderer
 
     assert_equal results, expected.chomp
   end
+
+  def test_without_tagfilter
+    extensions = HTML::Pipeline::MarkdownFilter::DEFAULT_COMMONMARKER_EXTENSIONS - [:tagfilter]
+    script = '<script>foobar</script>'
+    results = MarkdownFilter.new(script, unsafe: true, commonmarker_extensions: extensions).call
+
+    assert_equal results, script
+  end
+
+  def test_legitimate_custom_renderer_without_tagfilter
+    extensions = HTML::Pipeline::MarkdownFilter::DEFAULT_COMMONMARKER_EXTENSIONS - [:tagfilter]
+    script = '<script>foobar</script>'
+    results = MarkdownFilter.new(script, unsafe: true, commonmarker_extensions: extensions, commonmarker_renderer: CustomRenderer).call
+
+    assert_equal results, script
+  end
 end
 
 class GFMTest < Minitest::Test
diff --git a/test/test_helper.rb b/test/test_helper.rb
@@ -3,6 +3,8 @@
 require 'bundler/setup'
 require 'html/pipeline'
 require 'minitest/autorun'
+require 'minitest/pride'
+require 'minitest/focus'
 
 require 'active_support/core_ext/string'
 
