<p>I implemented RedCloth in this iteration, to give me <strong>Textile</strong> markup for blog entires & comments. RedCloth has the ability to escape <span class="caps">HTML</span> tags, which is extremely nice. However, by “escape” it means “remove”. Any tag not in the whitelist is completely removed from the page. This is fairly annoying; by “escape”, I would imagine that I’d get the tag displayed on the page as I typed it in.</p>
<p>To test this I removed blockquote from the list of allowed tags. Much to my surprise, <em>all</em> blockquotes were removed, even those specified using the Textile code bq.! <strong><em><span class="caps">WTF</span>???</em></strong> Okay, so it turns out that when RedCloth “escapes” the <span class="caps">HTML</span>, it doesn’t do so until <em>after</em> the Textile transform has taken place. Therefore, the whitelist goes towards tags input by the user <em>and</em> tags determined by Textile codes. This makes no sense.</p>
<p>So given these two issues, I had some changes to make. After familiarizing myself with the code, I tried my hardest to think of a fix obtained through monkey-patching or subclassing. No such luck. The methods just weren’t written in an overriding-friendly way. Rather than just modify the gem, which would have been very, very bad of me (punishment by torture), I unpacked the gem to /vendor and made the changes there. This way, the changes aren’t systemwide, and anyone will have them when downloading the project (punishment by slap on the wrist). I hope the hardcore Rubyists out there can forgive me for this decision, and if you have a better way to implement these changes, please let me know.</p>
<p>Without any further adieu, here is the before/after code of RedCloth.rb showing my changes.</p>
<p>Change #1:</p>
<p>The to_html method calls clean_html just before returning, if necessary. This was the original code:</p>
text.gsub!( /<\/?notextile>/, ’’ )
text.gsub!( /x%x%/, ‘&’ )
text.strip!
clean_html text if filter_html
text
end
<p>Unfortunately, all Textile replacements have already been made, therefore that <span class="caps">HTML</span> is being cleaned too. This is completely unnecessary, therefore we want clean_html to be called <em>before</em> performing the Textile work, like so:</p>
incoming_entities text
clean_white_space text
clean_html text if filter_html
@pre_list = []
rip_offtags text
no_textile text
hard_break text
unless @lite_mode
refs text
blocks text
end
inline text
smooth_offtags text
retrieve text
text.gsub!( /<\/?notextile>/, ’’ )
….
<p>Got it?</p>
<p>The second fix allows me to type a disallowed <span class="caps">HTML</span> tag in the editor and display it to the user in its full taggy goodness. This change was made to the clean_html method. This method uses a regex to go through each tag; if it exists in the whitelist, then leave it alone, otherwise, replace it with an empty string. Here is the original snippet from clean_html:</p>
end
end if tags[tag]
“<#{raw<sup class="footnote"><a href="#fn1">1</a></sup>}#{pcs.join " “}>”
else
" "
end
<p>and here is my change, allowing the tag to be displayed on the page, but still not rendered as <span class="caps">HTML</span>:</p>
end
end if tags[tag]
“<#{raw<sup class="footnote"><a href="#fn1">1</a></sup>}#{pcs.join " “}>”
else
“<#{raw<sup class="footnote"><a href="#fn1">1</a></sup>}#{raw<sup class="footnote"><a href="#fn2">2</a></sup>}>”
end
<p>Not a huge deal, but now RedCloth and <span class="caps">HTML</span> escaping works like I would expect it to! I’m open for suggestions to better solutions for these problems. But for now, that’s how it will stay.</p>
2008-05-01T01:09:32-07:00
14799
featured-code-snippet-2
6097
Featured Code Snippet #2
2008-05-01T01:17:34-07:00
3648