X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/a54367cd91fc9a232c86a328b3ea5b48a3376112..4447439079a88835d69524ab36ba88ecda384142:/forum/skins/default/media/js/wmd/showdown.js
diff --git a/forum/skins/default/media/js/wmd/showdown.js b/forum/skins/default/media/js/wmd/showdown.js
index 0efa6c5..b890fa8 100644
--- a/forum/skins/default/media/js/wmd/showdown.js
+++ b/forum/skins/default/media/js/wmd/showdown.js
@@ -192,7 +192,7 @@ var _StripLinkDefinitions = function(text) {
} else if (m4) {
g_titles[m1] = m4.replace(/"/g,""");
}
-
+
// Completely remove the definition from the text
return "";
}
@@ -264,7 +264,7 @@ var _HashHTMLBlocks = function(text) {
text = text.replace(/^(<(p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math)\b[^\r]*?.*<\/\2>[ \t]*(?=\n+)\n)/gm,hashElement);
// Special case just for
. It was easier to make a special case than
- // to make the other regex more complicated.
+ // to make the other regex more complicated.
/*
text = text.replace(/
@@ -273,7 +273,7 @@ var _HashHTMLBlocks = function(text) {
[ ]{0,3}
(<(hr) // start tag = $2
\b // word break
- ([^<>])*? //
+ ([^<>])*? //
\/?>) // the matching end tag
[ \t]*
(?=\n{2,}) // followed by a blank line
@@ -331,13 +331,13 @@ var hashElement = function(wholeMatch,m1) {
// Undo double lines
blockText = blockText.replace(/\n\n/g,"\n");
blockText = blockText.replace(/^\n/,"");
-
+
// strip trailing blank lines
blockText = blockText.replace(/\n+$/g,"");
-
+
// Replace the element text with a marker ("~KxK" where x is its key)
blockText = "\n\n~K" + (g_html_blocks.push(blockText)-1) + "K\n\n";
-
+
return blockText;
};
@@ -403,7 +403,7 @@ var _EscapeSpecialCharsWithinTagAttributes = function(text) {
// don't conflict with their use in Markdown for code, italics and strong.
//
- // Build a regex to find HTML tags and comments. See Friedl's
+ // Build a regex to find HTML tags and comments. See Friedl's
// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|)/gi;
@@ -498,6 +498,11 @@ var _DoAnchors = function(text) {
*/
text = text.replace(/(\[([^\[\]]+)\])()()()()()/g, writeAnchorTag);
+ // Prevent executing JavaScript from the Anchor href.
+ text = text.replace(/(([^<]+)<\/a>)/g, function() {
+ return arguments[3];
+ });
+
return text;
}
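Review bot: Filtering hrefs with a regex over the already-rendered HTML, as the added `text.replace(...)` in `_DoAnchors` does, is fragile; the scheme check belongs in `writeAnchorTag`, where `url` is still a plain string and can be tested against an allowlist before the tag is built, for example `if (!/^(https?:|mailto:|#|\/)/i.test(url)) return link_text;` (adjust the list to what the forum permits). As shown, the pattern ends in `([^<]+)<\/a>`, so it only applies to anchors whose text contains no nested markup, and a check keyed on one scheme spelling does not cover case variants or other script-capable schemes. The callback reads `arguments[3]` while only two capture groups are visible here (the page extraction appears to have dropped part of the pattern), so naming the callback parameters would make the intended group explicit. Since this file renders the client-side preview, the server-side renderer presumably needs the same allowlist to be the actual control. `_DoAnchors` starts outside the hunk.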
@@ -508,14 +513,14 @@ var writeAnchorTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
var link_id = m3.toLowerCase();
var url = m4;
var title = m7;
-
+
if (url == "") {
if (link_id == "") {
// lower-case and turn embedded newlines into spaces
link_id = link_text.toLowerCase().replace(/ ?\n/g," ");
}
url = "#"+link_id;
-
+
if (g_urls[link_id] != undefined) {
url = g_urls[link_id];
if (g_titles[link_id] != undefined) {
@@ -530,19 +535,19 @@ var writeAnchorTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
return whole_match;
}
}
- }
-
+ }
+
url = escapeCharacters(url,"*_");
var result = "" + link_text + "";
-
+
return result;
}
@@ -613,14 +618,14 @@ var writeImageTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
var title = m7;
if (!title) title = "";
-
+
if (url == "") {
if (link_id == "") {
// lower-case and turn embedded newlines into spaces
link_id = alt_text.toLowerCase().replace(/ ?\n/g," ");
}
url = "#"+link_id;
-
+
if (g_urls[link_id] != undefined) {
url = g_urls[link_id];
if (g_titles[link_id] != undefined) {
@@ -630,10 +635,13 @@ var writeImageTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
else {
return whole_match;
}
- }
-
+ }
+
alt_text = alt_text.replace(/"/g,""");
url = escapeCharacters(url,"*_");
+ if (url.toString().indexOf('http://') != 0 && url.toString().indexOf('https://') != 0) {
+ url = scriptUrl + url
+ }
var result = "";
-
+
return result;
}
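Review bot: The added scheme test in `writeImageTag` is case-sensitive and depends on a global `scriptUrl` that is not declared anywhere in the visible hunks, so `HTTP://…` or protocol-relative `//host/…` image URLs are prefixed incorrectly, and if the embedding page never defines `scriptUrl` the first relative image throws a ReferenceError. I would write `if (!/^(https?:)?\/\//i.test(url) && typeof scriptUrl !== "undefined") { url = scriptUrl + url; }`, which also supplies the semicolon missing after `url = scriptUrl + url`. The prefix is joined after `escapeCharacters(url,"*_")`, so any `*` or `_` inside `scriptUrl` stays unescaped, presumably leaving it exposed to the later emphasis pass; moving the concatenation above that call avoids this. The function starts outside the hunk.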
@@ -656,7 +664,7 @@ var _DoHeaders = function(text) {
// Setext-style headers:
// Header 1
// ========
- //
+ //
// Header 2
// --------
//
@@ -740,7 +748,7 @@ var _DoLists = function(text) {
// paragraph for the last item in a list, if necessary:
list = list.replace(/\n{2,}/g,"\n\n\n");;
var result = _ProcessListItems(list);
-
+
// Trim any trailing whitespace, to put the closing `$list_type>`
// up on the preceding line, to get it past the current stupid
// HTML block parser. This is a hack to work around the terrible
@@ -760,7 +768,7 @@ var _DoLists = function(text) {
// paragraph for the last item in a list, if necessary:
var list = list.replace(/\n{2,}/g,"\n\n\n");;
var result = _ProcessListItems(list);
- result = runup + "<"+list_type+">\n" + result + ""+list_type+">\n";
+ result = runup + "<"+list_type+">\n" + result + ""+list_type+">\n";
return result;
});
}
@@ -846,7 +854,7 @@ _ProcessListItems = function(list_str) {
var _DoCodeBlocks = function(text) {
//
// Process Markdown `` blocks.
-//
+//
/*
text = text.replace(text,
@@ -863,12 +871,12 @@ var _DoCodeBlocks = function(text) {
// attacklab: sentinel workarounds for lack of \A and \Z, safari\khtml bug
text += "~0";
-
+
text = text.replace(/(?:\n\n|^)((?:(?:[ ]{4}|\t).*\n+)+)(\n*[ ]{0,3}[^ \t\n]|(?=~0))/g,
function(wholeMatch,m1,m2) {
var codeblock = m1;
var nextChar = m2;
-
+
codeblock = _EncodeCode( _Outdent(codeblock));
codeblock = _Detab(codeblock);
codeblock = codeblock.replace(/^\n+/g,""); // trim leading newlines
@@ -895,26 +903,26 @@ var hashBlock = function(text) {
var _DoCodeSpans = function(text) {
//
// * Backtick quotes are used for
spans.
-//
+//
// * You can use multiple backticks as the delimiters if you want to
// include literal backticks in the code span. So, this input:
-//
+//
// Just type ``foo `bar` baz`` at the prompt.
-//
+//
// Will translate to:
-//
+//
// Just type foo `bar` baz
at the prompt.
-//
+//
// There's no arbitrary limit to the number of backticks you
// can use as delimters. If you need three consecutive backticks
// in your code, use four for delimiters, etc.
//
// * You can use spaces to get literal backticks at the edges:
-//
+//
// ... type `` `bar` `` ...
-//
+//
// Turns to:
-//
+//
// ... type `bar`
...
//
@@ -1017,7 +1025,7 @@ var _DoBlockQuotes = function(text) {
bq = bq.replace(/^[ \t]+$/gm,""); // trim whitespace-only lines
bq = _RunBlockGamut(bq); // recurse
-
+
bq = bq.replace(/(^|\n)/g,"$1 ");
// These leading spaces screw with content, so we need to fix that:
bq = bq.replace(
@@ -1029,7 +1037,7 @@ var _DoBlockQuotes = function(text) {
pre = pre.replace(/~0/g,"");
return pre;
});
-
+
return hashBlock("\n" + bq + "\n
");
});
return text;
@@ -1088,14 +1096,14 @@ var _FormParagraphs = function(text) {
var _EncodeAmpsAndAngles = function(text) {
// Smart processing for ampersands and angle brackets that need to be encoded.
-
+
// Ampersand-encoding based entirely on Nat Irons's Amputator MT plugin:
// http://bumppo.net/projects/amputator/
text = text.replace(/&(?!#?[xX]?(?:[0-9a-fA-F]+|\w+);)/g,"&");
-
+
// Encode naked <'s
text = text.replace(/<(?![a-z\/?\$!])/gi,"<");
-
+
return text;
}