author | Douwe Maan <douwe@gitlab.com> | 2018-02-27 15:29:04 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2018-02-27 15:29:04 +0000 |
commit | 7d12f3a84e39c6be6f3798e37b39f0023ece71ec (patch) | |
tree | 93a1454c371a25a545acca6c488c13937e3a50ff | |
parent | 3bf448267b117e79f08ab2f4b769d24a705a5f0f (diff) | |
parent | ffb107ac7d8ba17ecd4d10ef1d8a94d5c62630b2 (diff) | |
Merge branch '40502-osw-keep-link-when-redacting-unauthorized-objects' into 'master'
Keep raw link when redacting unauthorized link object references
Closes #40502
See merge request gitlab-org/gitlab-ce!17365
-rw-r--r-- | changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml | 5 | ||||
-rw-r--r-- | lib/banzai/filter/abstract_reference_filter.rb | 15 | ||||
-rw-r--r-- | lib/banzai/redactor.rb | 25 | ||||
-rw-r--r-- | spec/lib/banzai/redactor_spec.rb | 10 |
4 files changed, 45 insertions, 10 deletions
diff --git a/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml
new file mode 100644
index 00000000000..dddd8473df5
--- /dev/null
+++ b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml
@@ -0,0 +1,5 @@
+---
+title: Keep link when redacting unauthorized object links
+merge_request:
+author:
+type: fixed
diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb
index e7e6a90b5fd..c9e3f8ce42b 100644
--- a/lib/banzai/filter/abstract_reference_filter.rb
+++ b/lib/banzai/filter/abstract_reference_filter.rb
@@ -174,7 +174,9 @@ module Banzai
 title = object_link_title(object)
 klass = reference_class(object_sym)
- data = data_attributes_for(link_content || match, parent, object, link: !!link_content)
+ data = data_attributes_for(link_content || match, parent, object,
+ link_content: !!link_content,
+ link_reference: link_reference)
 url =
 if matches.names.include?("url") && matches[:url]
@@ -194,12 +196,13 @@ module Banzai
 end
 end
- def data_attributes_for(text, project, object, link: false)
+ def data_attributes_for(text, project, object, link_content: false, link_reference: false)
 data_attribute(
- original: text,
- link: link,
- project: project.id,
- object_sym => object.id
+ original: text,
+ link: link_content,
+ link_reference: link_reference,
+ project: project.id,
+ object_sym => object.id
 )
 end
diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb
index 827df7c08ae..fd457bebf03 100644
--- a/lib/banzai/redactor.rb
+++ b/lib/banzai/redactor.rb
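Review bot: Renaming the `link:` keyword of `data_attributes_for` to `link_content:` (the `-194` hunk of abstract_reference_filter.rb, with the matching call change in the `-174` hunk) alters the method's signature, so any subclass override or caller that still passes `link:` would raise `ArgumentError`; none are visible in this diff, so they are worth searching for. The two flags are easy to confuse, and the emitted attribute key stays `link:` while the keyword is now `link_content:`. A short comment above the method would help, for example `# link_content: the reference carried its own link text; link_reference: the reference was itself written as a link`. Where `link_reference` gets its value in the caller is outside the hunk, so that wording should be confirmed against it.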
@@ -42,16 +42,33 @@ module Banzai
 next if visible.include?(node)
 doc_data[:visible_reference_count] -= 1
- # The reference should be replaced by the original link's content,
- # which is not always the same as the rendered one.
- content = node.attr('data-original') || node.inner_html
- node.replace(content)
+ redacted_content = redacted_node_content(node)
+ node.replace(redacted_content)
 end
 end
 metadata
 end
+ # Return redacted content of given node as either the original link (<a> tag),
+ # the original content (text), or the inner HTML of the node.
+ #
+ def redacted_node_content(node)
+ original_content = node.attr('data-original')
+ link_reference = node.attr('data-link-reference')
+
+ # Build the raw <a> tag just with a link as href and content if
+ # it's originally a link pattern. We shouldn't return a plain text href.
+ original_link =
+ if link_reference == 'true' && href = original_content
+ %(<a href="#{href}">#{href}</a>)
+ end
+
+ # The reference should be replaced by the original link's content,
+ # which is not always the same as the rendered one.
+ original_link || original_content || node.inner_html
+ end
+
 def redact_cross_project_references(documents)
 extractor = Banzai::IssuableExtractor.new(project, user)
 issuables = extractor.extract(documents)
diff --git a/spec/lib/banzai/redactor_spec.rb b/spec/lib/banzai/redactor_spec.rb
index 1fa89137972..441f3725985 100644
--- a/spec/lib/banzai/redactor_spec.rb
+++ b/spec/lib/banzai/redactor_spec.rb
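Review bot: In `redacted_node_content`, the value read with `node.attr('data-original')` (which Nokogiri returns already entity-decoded) is interpolated unescaped into `%(<a href="#{href}">#{href}</a>)` and then parsed as markup by `node.replace`, so a value containing a double quote or angle bracket would change the structure of the rebuilt tag. Whether `data-original` can carry such characters depends on how `data_attribute` writes it and on later sanitization, neither of which is visible in this diff. Escaping at the point of use removes that dependency: `escaped = CGI.escapeHTML(href)` followed by `%(<a href="#{escaped}">#{escaped}</a>)`. The href is also emitted with no scheme check, which presumably relies on an earlier filter. Separately, the assignment inside the condition (`&& href = original_content`) would read more clearly on its own line.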
@@ -40,6 +40,16 @@ describe Banzai::Redactor do
 expect(doc.to_html).to eq(original_content)
 end
 end
+
+ it 'returns <a> tag with original href if it is originally a link reference' do
+ href = 'http://localhost:3000'
+ doc = Nokogiri::HTML
+ .fragment("<a class='gfm' data-reference-type='issue' data-original=#{href} data-link-reference='true'>#{href}</a>")
+
+ redactor.redact([doc])
+
+ expect(doc.to_html).to eq('<a href="http://localhost:3000">http://localhost:3000</a>')
+ end
 end
 context 'when project is in pending delete' do |
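Review bot: The new example only exercises a plain URL, so it passes whether or not the rebuilt `<a>` tag escapes its href. A second example whose `data-original` contains characters that need escaping (for instance `&` in a query string), asserting the escaped output, would pin that behaviour. The fixture also writes `data-original=#{href}` without quotes, which parses as intended only because the URL has no spaces; `data-original='#{href}'` is safer. A case with `data-link-reference` absent or set to `'false'` would confirm the plain-text path is unchanged, unless the examples above the hunk already cover it.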