Allow > inside HTML attributes (#2918)

* Allow > inside HTML attributes * Don't add unnecessary (?:...) to HTML_MEDIA_TAGS
2025-09-18 22:12:21 -04:00 · 2024-01-01 05:09:30 +01:00 · 2024-01-01 05:09:30 +01:00 · f544bdd041
commit f544bdd041
parent ddabbddeb1
3 changed files with 38 additions and 1 deletions
--- a/1
+++ b/1
@ -154,6 +154,7 @@ Lucio Sauer <watermanpaint@posteo.net>
 Gustavo Sales <gustavosmendes14@gmail.com>
 Shawn M Moore <https://github.com/sartak>
 Marko Sisovic <msisovic13@gmail.com>
+Viktor Ricci <ricci@primateer.de>

 ********************

--- a/rslib/src/media/check.rs
+++ b/rslib/src/media/check.rs
@ -794,4 +794,28 @@ Unused: unused.jpg
        );
        Ok(())
    }
+
+    #[test]
+    fn html_chevron_in_non_source_attribute() -> Result<()> {
+        let (_dir, _mgr, mut col) = common_setup()?;
+        let mut checker = col.media_checker()?;
+
+        let field = "<img alt=\"alt>\" src=\"foo.jpg\">";
+        let seen = normalize_and_maybe_rename_files_helper(&mut checker, field);
+        assert!(seen.contains("foo.jpg"));
+
+        let field = "<img alt='>a>l>t>' src='bar.jpg'>";
+        let seen = normalize_and_maybe_rename_files_helper(&mut checker, field);
+        assert!(seen.contains("bar.jpg"));
+
+        let field = "<img alt='\"alt>\"' src='double-in-single.jpg'>";
+        let seen = normalize_and_maybe_rename_files_helper(&mut checker, field);
+        assert!(seen.contains("double-in-single.jpg"));
+
+        let field = "<img alt='alt'> src='illegal.jpg'>";
+        let seen = normalize_and_maybe_rename_files_helper(&mut checker, field);
+        assert!(!seen.contains("illegal.jpg"));
+
+        Ok(())
+    }
 }
--- a/rslib/src/text.rs
+++ b/rslib/src/text.rs
@ -104,7 +104,19 @@ lazy_static! {
    pub static ref HTML_MEDIA_TAGS: Regex = Regex::new(
        r#"(?xsi)
            # the start of the image, audio, or object tag
-            <\b(?:img|audio|video|object)\b[^>]+\b(?:src|data)\b=
+            <\b(?:img|audio|video|object)\b
+
+            # any non-`>`, except inside `"` or `'`
+            (?:
+                [^>]
+            |
+                "[^"]+?"
+            |
+                '[^']+?'
+            )+
+
+            # capture `src` or `data` attribute
+            \b(?:src|data)\b=
            (?:
                    # 1: double-quoted filename
                    "