diff options
| author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-02-26 12:28:49 -0300 |
|---|---|---|
| committer | Oswaldo Ferreira <oswaldo@gitlab.com> | 2018-02-26 13:15:42 -0300 |
| commit | df78aca7169990dc34502e3a08e7245e8ee74bda (patch) | |
| tree | b5e47542e760ad3721f586285db053929e525835 | |
| parent | 565e4ee5a6566057ee524963565f045bd1b2c51a (diff) | |
| download | gitlab-ce-40502-osw-keep-link-when-redacting-unauthorized-objects.tar.gz | |
Keep link when redacting unauthorized object links40502-osw-keep-link-when-redacting-unauthorized-objects
| -rw-r--r-- | changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml | 5 | ||||
| -rw-r--r-- | lib/banzai/filter/abstract_reference_filter.rb | 15 | ||||
| -rw-r--r-- | lib/banzai/redactor.rb | 26 | ||||
| -rw-r--r-- | spec/lib/banzai/redactor_spec.rb | 10 |
4 files changed, 46 insertions, 10 deletions
diff --git a/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml new file mode 100644 index 00000000000..dddd8473df5 --- /dev/null +++ b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml @@ -0,0 +1,5 @@ +--- +title: Keep link when redacting unauthorized object links +merge_request: +author: +type: fixed diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb index e7e6a90b5fd..c9e3f8ce42b 100644 --- a/lib/banzai/filter/abstract_reference_filter.rb +++ b/lib/banzai/filter/abstract_reference_filter.rb @@ -174,7 +174,9 @@ module Banzai title = object_link_title(object) klass = reference_class(object_sym) - data = data_attributes_for(link_content || match, parent, object, link: !!link_content) + data = data_attributes_for(link_content || match, parent, object, + link_content: !!link_content, + link_reference: link_reference) url = if matches.names.include?("url") && matches[:url] @@ -194,12 +196,13 @@ module Banzai end end - def data_attributes_for(text, project, object, link: false) + def data_attributes_for(text, project, object, link_content: false, link_reference: false) data_attribute( - original: text, - link: link, - project: project.id, - object_sym => object.id + original: text, + link: link_content, + link_reference: link_reference, + project: project.id, + object_sym => object.id ) end diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb index 827df7c08ae..d9e08b9e028 100644 --- a/lib/banzai/redactor.rb +++ b/lib/banzai/redactor.rb @@ -42,16 +42,34 @@ module Banzai next if visible.include?(node) doc_data[:visible_reference_count] -= 1 - # The reference should be replaced by the original link's content, - # which is not always the same as the rendered one. - content = node.attr('data-original') || node.inner_html - node.replace(content) + redacted_content = redacted_node_content(node) + node.replace(redacted_content) end end metadata end + # Return redacted content of given node as either the original link (<a> tag), + # the original content (text), or the inner HTML of the node. + # + def redacted_node_content(node) + original_content = node.attr('data-original') + link_reference = ActiveRecord::Type::Boolean.new + .type_cast_from_user(node.attr('data-link-reference')) + + # Build the raw <a> tag just with a link as href and content if + # it's originally a link pattern. We shouldn't return a plain text href. + original_link = + if link_reference && href = original_content + %(<a href="#{href}">#{href}</a>) + end + + # The reference should be replaced by the original link's content, + # which is not always the same as the rendered one. + original_link || original_content || node.inner_html + end + def redact_cross_project_references(documents) extractor = Banzai::IssuableExtractor.new(project, user) issuables = extractor.extract(documents) diff --git a/spec/lib/banzai/redactor_spec.rb b/spec/lib/banzai/redactor_spec.rb index 1fa89137972..441f3725985 100644 --- a/spec/lib/banzai/redactor_spec.rb +++ b/spec/lib/banzai/redactor_spec.rb @@ -40,6 +40,16 @@ describe Banzai::Redactor do expect(doc.to_html).to eq(original_content) end end + + it 'returns <a> tag with original href if it is originally a link reference' do + href = 'http://localhost:3000' + doc = Nokogiri::HTML + .fragment("<a class='gfm' data-reference-type='issue' data-original=#{href} data-link-reference='true'>#{href}</a>") + + redactor.redact([doc]) + + expect(doc.to_html).to eq('<a href="http://localhost:3000">http://localhost:3000</a>') + end end context 'when project is in pending delete' do |