output escaped html in getHTML

pwFoo · Aug 10, 2018 · 6577825 · 6577825
1 parent 83e416d
commit 6577825
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 16 deletions.
diff --git a/blots/text.js b/blots/text.js
@@ -2,4 +2,18 @@ import { TextBlot } from 'parchment';
 
 class Text extends TextBlot {}
 
-export default Text;
+function escapeText(text) {
+  return text.replace(/[&<>"']/g, s => {
+    // https://lodash.com/docs#escape
+    const entityMap = {
+      '&': '&amp;',
+      '<': '&lt;',
+      '>': '&gt;',
+      '"': '&quot;',
+      "'": '&#39;',
+    };
+    return entityMap[s];
+  });
+}
+
+export { Text as default, escapeText };
diff --git a/core/editor.js b/core/editor.js
@@ -7,7 +7,7 @@ import { LeafBlot } from 'parchment';
 import CursorBlot from '../blots/cursor';
 import Block, { bubbleFormats } from '../blots/block';
 import Break from '../blots/break';
-import TextBlot from '../blots/text';
+import TextBlot, { escapeText } from '../blots/text';
 
 const ASCII = /^[ -~]*$/;
 
@@ -255,7 +255,7 @@ function convertHTML(blot, index, length, isRoot = false) {
   if (typeof blot.html === 'function') {
     return blot.html(index, length);
   } else if (blot instanceof TextBlot) {
-    return blot.value().slice(index, index + length);
+    return escapeText(blot.value().slice(index, index + length));
   } else if (blot.children) {
     // TODO fix API
     if (blot.statics.blotName === 'list-container') {

diff --git a/modules/syntax.js b/modules/syntax.js
@@ -6,7 +6,7 @@ import Module from '../core/module';
 import { blockDelta } from '../blots/block';
 import BreakBlot from '../blots/break';
 import CursorBlot from '../blots/cursor';
-import TextBlot from '../blots/text';
+import TextBlot, { escapeText } from '../blots/text';
 import CodeBlock, { CodeBlockContainer } from '../formats/code';
 import { traverse } from '../modules/clipboard';
 
@@ -238,18 +238,7 @@ class Syntax extends Module {
 
   highlightBlot(text, language = 'plain') {
     if (language === 'plain') {
-      return text
-        .replace(/[&<>"']/g, s => {
-          // https://lodash.com/docs#escape
-          const entityMap = {
-            '&': '&amp;',
-            '<': '&lt;',
-            '>': '&gt;',
-            '"': '&quot;',
-            "'": '&#39;',
-          };
-          return entityMap[s];
-        })
+      return escapeText(text)
         .split('\n')
         .reduce((delta, line, i) => {
           if (i !== 0) {

diff --git a/test/unit/core/editor.js b/test/unit/core/editor.js
@@ -616,5 +616,11 @@ describe('Editor', function() {
       const editor = this.initialize(Editor, '<p><a>a</a></p>');
       expect(editor.getHTML(0, 1)).toEqual('<a>a</a>');
     });
+
+    it('escape html', function() {
+      const editor = this.initialize(Editor, '<p><br></p>');
+      editor.insertText(0, '<b>Test</b>');
+      expect(editor.getHTML(0, 11)).toEqual('&lt;b&gt;Test&lt;/b&gt;');
+    });
   });
 });