diff options
| author | Douwe Maan <douwe@gitlab.com> | 2018-02-27 15:29:04 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2018-02-27 15:29:04 +0000 |
| commit | 7d12f3a84e39c6be6f3798e37b39f0023ece71ec (patch) | |
| tree | 93a1454c371a25a545acca6c488c13937e3a50ff /lib | |
| parent | 3bf448267b117e79f08ab2f4b769d24a705a5f0f (diff) | |
| parent | ffb107ac7d8ba17ecd4d10ef1d8a94d5c62630b2 (diff) | |
| download | gitlab-ce-7d12f3a84e39c6be6f3798e37b39f0023ece71ec.tar.gz | |
Merge branch '40502-osw-keep-link-when-redacting-unauthorized-objects' into 'master'
Keep raw link when redacting unauthorized link object references
Closes #40502
See merge request gitlab-org/gitlab-ce!17365
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/banzai/filter/abstract_reference_filter.rb | 15 | ||||
| -rw-r--r-- | lib/banzai/redactor.rb | 25 |
2 files changed, 30 insertions, 10 deletions
diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb index e7e6a90b5fd..c9e3f8ce42b 100644 --- a/lib/banzai/filter/abstract_reference_filter.rb +++ b/lib/banzai/filter/abstract_reference_filter.rb @@ -174,7 +174,9 @@ module Banzai title = object_link_title(object) klass = reference_class(object_sym) - data = data_attributes_for(link_content || match, parent, object, link: !!link_content) + data = data_attributes_for(link_content || match, parent, object, + link_content: !!link_content, + link_reference: link_reference) url = if matches.names.include?("url") && matches[:url] @@ -194,12 +196,13 @@ module Banzai end end - def data_attributes_for(text, project, object, link: false) + def data_attributes_for(text, project, object, link_content: false, link_reference: false) data_attribute( - original: text, - link: link, - project: project.id, - object_sym => object.id + original: text, + link: link_content, + link_reference: link_reference, + project: project.id, + object_sym => object.id ) end diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb index 827df7c08ae..fd457bebf03 100644 --- a/lib/banzai/redactor.rb +++ b/lib/banzai/redactor.rb @@ -42,16 +42,33 @@ module Banzai next if visible.include?(node) doc_data[:visible_reference_count] -= 1 - # The reference should be replaced by the original link's content, - # which is not always the same as the rendered one. - content = node.attr('data-original') || node.inner_html - node.replace(content) + redacted_content = redacted_node_content(node) + node.replace(redacted_content) end end metadata end + # Return redacted content of given node as either the original link (<a> tag), + # the original content (text), or the inner HTML of the node. + # + def redacted_node_content(node) + original_content = node.attr('data-original') + link_reference = node.attr('data-link-reference') + + # Build the raw <a> tag just with a link as href and content if + # it's originally a link pattern. We shouldn't return a plain text href. + original_link = + if link_reference == 'true' && href = original_content + %(<a href="#{href}">#{href}</a>) + end + + # The reference should be replaced by the original link's content, + # which is not always the same as the rendered one. + original_link || original_content || node.inner_html + end + def redact_cross_project_references(documents) extractor = Banzai::IssuableExtractor.new(project, user) issuables = extractor.extract(documents) |