Skip to content

Commit

Permalink
fix: strip_html for multi line <script>/<style>/comments, #70
Browse files Browse the repository at this point in the history
  • Loading branch information
harttle committed Mar 2, 2023
1 parent d4e519c commit 42d2590
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/filters/html.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,5 +32,5 @@ export function newline_to_br (v: string) {
}

export function strip_html (v: string) {
return stringify(v).replace(/<script.*?<\/script>|<!--.*?-->|<style.*?<\/style>|<.*?>/g, '')
return stringify(v).replace(/<script[\s\S]*?<\/script>|<style[\s\S]*?<\/style>|<.*?>|<!--[\s\S]*?-->/g, '')
}
10 changes: 10 additions & 0 deletions test/e2e/issues.ts
Original file line number Diff line number Diff line change
Expand Up @@ -390,4 +390,14 @@ describe('Issues', function () {
const html = await liquid.parseAndRender(tpl, ctx)
expect(html.trim()).to.equal('<a href="https://example.com">Lot more code here</a>')
})
it('#70 strip multiline content of <style>', async() => {
const str = `
<style type="text/css">
.test-one-line {display: none;}
</style>`
const engine = new Liquid()
const template = '{{ str | strip_html }}'
const html = await engine.parseAndRender(template, { str })
expect(html).to.match(/^\s*$/)
})
})
16 changes: 16 additions & 0 deletions test/integration/filters/html.ts
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
import { test } from '../../stub/render'
import { expect } from 'chai'
import { Liquid } from '../../../src/liquid'

describe('filters/html', function () {
let liquid: Liquid
beforeEach(() => liquid = new Liquid())
describe('escape', function () {
it('should escape \' and &', function () {
return test('{{ "Have you read \'James & the Giant Peach\'?" | escape }}',
Expand Down Expand Up @@ -43,14 +47,26 @@ describe('filters/html', function () {
return test('{{ "<!--Have you read-->Ulysses?" | strip_html }}',
'Ulysses?')
})
it('should strip multiline comments', function () {
expect(liquid.parseAndRenderSync('{{"<!--foo\r\nbar \ncoo\t \r\n -->"|strip_html}}')).to.equal('')
})
it('should strip all style tags and their contents', function () {
return test('{{ "<style>cite { font-style: italic; }</style><cite>Ulysses<cite>?" | strip_html }}',
'Ulysses?')
})
it('should strip multiline styles', function () {
expect(liquid.parseAndRenderSync('{{"<style> \n.header {\r\n color: black;\r\n}\n</style>" | strip_html}}')).to.equal('')
})
it('should strip all scripts tags and their contents', function () {
return test('{{ "<script async>console.log(\'hello world\')</script><cite>Ulysses<cite>?" | strip_html }}',
'Ulysses?')
})
it('should strip multiline scripts', function () {
expect(liquid.parseAndRenderSync('{{ "<script> \nfoo\r\nbar\n</script>" | strip_html }}')).to.equal('')
})
it('should not strip non-matched <script>', function () {
expect(liquid.parseAndRenderSync('{{ "<script></script>text<script></script>" | strip_html }}')).to.equal('text')
})
it('should strip until empty', function () {
return test('{{"<br/><br />< p ></p></ p >" | strip_html }}', '')
})
Expand Down

0 comments on commit 42d2590

Please sign in to comment.