diff options
author | Sean McGivern <sean@gitlab.com> | 2018-03-28 15:45:16 +0100 |
---|---|---|
committer | Sean McGivern <sean@gitlab.com> | 2018-03-28 15:45:16 +0100 |
commit | 6fdca777cdce5cc940043f15048a39667d158b8c (patch) | |
tree | 33659c8ce09f1d2151f593f222f64f30f51537e7 | |
parent | d7a9df68329bee42a4f2c4934351022c949f7c71 (diff) | |
download | gitlab-ce-escape-autocomplete-values-for-markdown.tar.gz |
Escape autocomplete results for Markdownescape-autocomplete-values-for-markdown
A label name can contain a `_`, `~~`, or other Markdown-significant. But label
references are processed _after_ Markdown processing has run, so we can't easily
fix this on the backend.
We can make it more convenient, though, by changing the frontend to escape these
characters so they aren't processed as Markdown, when we insert them from
autocomplete.
-rw-r--r-- | app/assets/javascripts/gfm_auto_complete.js | 18 | ||||
-rw-r--r-- | changelogs/unreleased/escape-autocomplete-values-for-markdown.yml | 5 | ||||
-rw-r--r-- | spec/javascripts/gfm_auto_complete_spec.js | 8 |
3 files changed, 27 insertions, 4 deletions
diff --git a/app/assets/javascripts/gfm_auto_complete.js b/app/assets/javascripts/gfm_auto_complete.js index 8259133c95b..ac49a746210 100644 --- a/app/assets/javascripts/gfm_auto_complete.js +++ b/app/assets/javascripts/gfm_auto_complete.js @@ -54,6 +54,7 @@ class GfmAutoComplete { alias: 'commands', searchKey: 'search', skipSpecialCharacterTest: true, + skipMarkdownCharacterTest: true, data: GfmAutoComplete.defaultLoadingData, displayTpl(value) { if (GfmAutoComplete.isLoading(value)) return GfmAutoComplete.Loading.template; @@ -376,15 +377,24 @@ class GfmAutoComplete { return $.fn.atwho.default.callbacks.filter(query, data, searchKey); }, beforeInsert(value) { + let withoutAt = value.substring(1); + const at = value.charAt(); let resultantValue = value; + if (value && !this.setting.skipSpecialCharacterTest) { - const withoutAt = value.substring(1); - const regex = value.charAt() === '~' ? /\W|^\d+$/ : /\W/; + const regex = at === '~' ? /\W|^\d+$/ : /\W/; if (withoutAt && regex.test(withoutAt)) { - resultantValue = `${value.charAt()}"${withoutAt}"`; + withoutAt = `"${withoutAt}"`; } } - return resultantValue; + + // We can ignore this for quick actions because they are processed + // before Markdown. + if (!this.setting.skipMarkdownCharacterTest) { + withoutAt = withoutAt.replace(/([~\-_*`])/g, '\\$&'); + } + + return `${at}${withoutAt}`; }, matcher(flag, subtext) { const match = GfmAutoComplete.defaultMatcher(flag, subtext, this.app.controllers); diff --git a/changelogs/unreleased/escape-autocomplete-values-for-markdown.yml b/changelogs/unreleased/escape-autocomplete-values-for-markdown.yml new file mode 100644 index 00000000000..eea9da4c579 --- /dev/null +++ b/changelogs/unreleased/escape-autocomplete-values-for-markdown.yml @@ -0,0 +1,5 @@ +--- +title: Escape Markdown characters properly when using autocomplete +merge_request: +author: +type: fixed diff --git a/spec/javascripts/gfm_auto_complete_spec.js b/spec/javascripts/gfm_auto_complete_spec.js index dc0a5bc275c..76602857f6c 100644 --- a/spec/javascripts/gfm_auto_complete_spec.js +++ b/spec/javascripts/gfm_auto_complete_spec.js @@ -88,6 +88,14 @@ describe('GfmAutoComplete', function () { it('should quote integer labels', () => { expect(beforeInsert(atwhoInstance, '~1234')).toBe('~"1234"'); }); + + it('should escape Markdown emphasis characters, except in the first character', () => { + expect(beforeInsert(atwhoInstance, '@_group')).toEqual('@\_group'); + expect(beforeInsert(atwhoInstance, '~_bug')).toEqual('~\_bug'); + expect(beforeInsert(atwhoInstance, '~a `bug`')).toEqual('~"a \`bug\`"'); + expect(beforeInsert(atwhoInstance, '~a ~bug`')).toEqual('~"a \~bug"'); + expect(beforeInsert(atwhoInstance, '~a **bug`')).toEqual('~"a \*\*bug"'); + }); }); describe('DefaultOptions.matcher', function () { |