Applying strip_html filter to escaped html should not unescape it

bkiers · Jul 27, 2024 · c1e58cd · c1e58cd
1 parent 244f7b8
commit c1e58cd
Show file tree

Hide file tree

Showing 5 changed files with 49 additions and 12 deletions.
diff --git a/pom.xml b/pom.xml
@@ -62,7 +62,6 @@
     <antlr4.version>4.13.0</antlr4.version>
     <jackson.databind.version>2.13.4.2</jackson.databind.version>
     <jackson.version>2.13.2</jackson.version>
-    <jsoup.version>1.15.3</jsoup.version>
     <junit.version>4.13.1</junit.version>
 
     <main.class />
@@ -101,13 +100,6 @@
       <version>${jackson.version}</version>
     </dependency>
 
-
-    <dependency>
-      <groupId>org.jsoup</groupId>
-      <artifactId>jsoup</artifactId>
-      <version>${jsoup.version}</version>
-    </dependency>
-
     <dependency>
       <groupId>ua.co.k</groupId>
       <artifactId>strftime4j</artifactId>

diff --git a/src/main/java/liqp/LValue.java b/src/main/java/liqp/LValue.java
@@ -493,4 +493,19 @@ public boolean isMap(Object value) {
     public Map<String, Object> asMap(Object value) {
         return (Map<String, Object>)value;
     }
+
+    public static boolean isBlank(final String string) {
+        if (string == null || string.length() == 0)
+            return true;
+
+        int l = string.length();
+        for (int i = 0; i < l; i++) {
+            if (!isWhitespace(string.codePointAt(i)))
+                return false;
+        }
+        return true;
+    }
+    private static boolean isWhitespace(int c){
+        return c == ' ' || c == '\t' || c == '\n' || c == '\f' || c == '\r';
+    }
 }
diff --git a/src/main/java/liqp/filters/Strip_HTML.java b/src/main/java/liqp/filters/Strip_HTML.java
@@ -1,10 +1,21 @@
 package liqp.filters;
 
 import liqp.TemplateContext;
-import org.jsoup.Jsoup;
+
+import java.util.regex.Pattern;
 
 public class Strip_HTML extends Filter {
 
+    // STRIP_HTML_BLOCKS = Regexp.union(
+    //      /<script.*?<\/script>/m,
+    //      /<!--.*?-->/m,
+    //      /<style.*?<\/style>/m
+    //    )
+    private static final Pattern STRIP_HTML_BLOCKS = Pattern.compile("<script.*?</script>|<style.*?</style>|<!--.*?-->", Pattern.MULTILINE);
+
+    // STRIP_HTML_TAGS = /<.*?>/m
+    private static final Pattern STRIP_HTML_TAGS = Pattern.compile("<.*?>", Pattern.MULTILINE);
+
     /*
      * strip_html(input)
      *
@@ -14,7 +25,9 @@ public class Strip_HTML extends Filter {
     public Object apply(Object value, TemplateContext context, Object... params) {
 
         String html = super.asString(value, context);
+        html = STRIP_HTML_BLOCKS.matcher(html).replaceAll("");
+        html = STRIP_HTML_TAGS.matcher(html).replaceAll("");
 
-        return Jsoup.parse(html).text();
+        return html;
     }
 }
diff --git a/src/main/java/liqp/nodes/OutputNode.java b/src/main/java/liqp/nodes/OutputNode.java
@@ -4,12 +4,13 @@
 import liqp.TemplateContext;
 import liqp.TemplateParser;
 import liqp.exceptions.LiquidException;
-import org.jsoup.internal.StringUtil;
 
 import java.math.BigDecimal;
 import java.util.ArrayList;
 import java.util.List;
 
+import static liqp.LValue.isBlank;
+
 public class OutputNode implements LNode {
 
     private LNode expression;
@@ -40,7 +41,7 @@ public Object render(TemplateContext context) {
         }
         if (context != null && context.getParser().errorMode == TemplateParser.ErrorMode.WARN) {
             String localUnparsed = unparsed;
-            if (!StringUtil.isBlank(localUnparsed)) {
+            if (!isBlank(localUnparsed)) {
                 if (localUnparsed.length() > 30) {
                     localUnparsed = localUnparsed.substring(0, 30) + "...";
                 }

diff --git a/src/test/java/liqp/filters/Strip_HTMLTest.java b/src/test/java/liqp/filters/Strip_HTMLTest.java
@@ -52,4 +52,20 @@ public void applyOriginalTest() {
         assertThat(filter.apply("<script type='text/javascript'>document.write('some stuff');</script>", context), is((Object)""));
         assertThat(filter.apply(null, context), is((Object)""));
     }
+
+
+    @Test
+    public void testIssue306() {
+        // given
+        // {{ "<em>test</em>" | escape }} --> &lt;em&gt;test&lt;/em&gt;
+        TemplateContext context = new TemplateContext();
+        Filter filter = Filters.COMMON_FILTERS.get("strip_html");
+
+        // when
+        Object result = filter.apply("&lt;em&gt;test&lt;/em&gt;", context);
+
+
+        // then
+        assertThat(result, is("&lt;em&gt;test&lt;/em&gt;"));
+    }
 }