Skip to content

Commit 3960417

Browse files
UziTechUziTech
committed
sanatize uppercase hexidecimal
fixes markedjs#925
1 parent 3e641c9 commit 3960417

File tree

3 files changed

+6
-2
lines changed

3 files changed

+6
-2
lines changed

lib/marked.js

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1096,8 +1096,8 @@ function escape(html, encode) {
10961096
}
10971097

10981098
function unescape(html) {
1099-
// explicitly match decimal, hex, and named HTML entities
1100-
return html.replace(/&(#(?:\d+)|(?:#x[0-9A-Fa-f]+)|(?:\w+));?/g, function(_, n) {
1099+
// explicitly match decimal, hex, and named HTML entities
1100+
return html.replace(/&(#(?:\d+)|(?:#x[0-9A-Fa-f]+)|(?:\w+));?/ig, function(_, n) {
11011101
n = n.toLowerCase();
11021102
if (n === 'colon') return ':';
11031103
if (n.charAt(0) === '#') {

test/tests/uppercase_hex.sanitize.html

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
<p>lowerlower
2+
upperupper</p>

test/tests/uppercase_hex.sanitize.text

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lower[click me](javascript&#x3a;...)lower
2+
upper[click me](javascript&#X3a;...)upper

0 commit comments

Comments
 (0)