Markdown: Allow to escape domain name

2026-05-04 15:04:03 +00:00 · 2023-06-23 15:32:00 +02:00
parent 34e7a0fc31
commit b7f3f7a7a1
2 changed files with 154 additions and 25 deletions
--- a/src/tests/base/test_rich_text.py
+++ b/src/tests/base/test_rich_text.py
@@ -30,6 +30,8 @@ from pretix.base.templatetags.rich_text import (
    # Test link detection
    ("google.com",
     '<a href="http://google.com" rel="noopener" target="_blank">google.com</a>'),
+    # Test link escaping
+    ("google\\.com", 'google.com'),
    # Test abslink_callback
    ("[Call](tel:+12345)",
     '<a href="tel:+12345" rel="nofollow">Call</a>'),
@@ -79,3 +81,20 @@ def test_newline_handling(content, result):
 ])
 def test_newline_handling_email(content, result):
    assert markdown_compile_email(content) == result
+
+
+@pytest.mark.parametrize("content,result,result_snippet", [
+    # attributes
+    ('<a onclick="javascript:foo()">foo</a>', '<p><a>foo</a></p>', '<a>foo</a>'),
+    ('<strong color="red">foo</strong>',
+     '<p><strong>foo</strong></p>',
+     '<strong>foo</strong>'),
+    # protocols
+    ('<a href="javascript:foo()">foo</a>', '<p><a>foo</a></p>', '<a>foo</a>'),
+    # tags
+    ('<script>foo</script>', '&lt;script&gt;foo&lt;/script&gt;', 'foo'),
+])
+def test_cleanup(content, result, result_snippet):
+    assert rich_text(content) == result
+    assert rich_text_snippet(content) == result_snippet
+    assert markdown_compile_email(content) == result