diff options
Diffstat (limited to 'lib/banzai')
-rw-r--r-- | lib/banzai/filter/base_sanitization_filter.rb | 3 | ||||
-rw-r--r-- | lib/banzai/filter/custom_emoji_filter.rb | 12 | ||||
-rw-r--r-- | lib/banzai/filter/image_link_filter.rb | 7 | ||||
-rw-r--r-- | lib/banzai/filter/kroki_filter.rb | 16 | ||||
-rw-r--r-- | lib/banzai/filter/plantuml_filter.rb | 10 | ||||
-rw-r--r-- | lib/banzai/filter/repository_link_filter.rb | 2 | ||||
-rw-r--r-- | lib/banzai/pipeline/gfm_pipeline.rb | 2 |
7 files changed, 38 insertions, 14 deletions
diff --git a/lib/banzai/filter/base_sanitization_filter.rb b/lib/banzai/filter/base_sanitization_filter.rb index 4e350a59fa0..3b00d1a9824 100644 --- a/lib/banzai/filter/base_sanitization_filter.rb +++ b/lib/banzai/filter/base_sanitization_filter.rb @@ -39,6 +39,9 @@ module Banzai allowlist[:attributes][:all].delete('name') allowlist[:attributes]['a'].push('name') + allowlist[:attributes]['img'].push('data-diagram') + allowlist[:attributes]['img'].push('data-diagram-src') + # Allow any protocol in `a` elements # and then remove links with unsafe protocols allowlist[:protocols].delete('a') diff --git a/lib/banzai/filter/custom_emoji_filter.rb b/lib/banzai/filter/custom_emoji_filter.rb index a5f1a22c483..ae95c7f66b6 100644 --- a/lib/banzai/filter/custom_emoji_filter.rb +++ b/lib/banzai/filter/custom_emoji_filter.rb @@ -8,8 +8,7 @@ module Banzai IGNORED_ANCESTOR_TAGS = %w(pre code tt).to_set def call - return doc unless context[:project] - return doc unless Feature.enabled?(:custom_emoji, context[:project]) + return doc unless resource_parent doc.xpath('descendant-or-self::text()').each do |node| content = node.to_html @@ -50,12 +49,12 @@ module Banzai def has_custom_emoji? strong_memoize(:has_custom_emoji) do - namespace&.custom_emoji&.any? + CustomEmoji.for_resource(resource_parent).any? end end - def namespace - context[:project].namespace.root_ancestor + def resource_parent + context[:project] || context[:group] end def custom_emoji_candidates @@ -63,7 +62,8 @@ module Banzai end def all_custom_emoji - @all_custom_emoji ||= namespace.custom_emoji.by_name(custom_emoji_candidates).index_by(&:name) + @all_custom_emoji ||= + CustomEmoji.for_resource(resource_parent).by_name(custom_emoji_candidates).index_by(&:name) end end end diff --git a/lib/banzai/filter/image_link_filter.rb b/lib/banzai/filter/image_link_filter.rb index 44acc7805b4..60881b5f511 100644 --- a/lib/banzai/filter/image_link_filter.rb +++ b/lib/banzai/filter/image_link_filter.rb @@ -27,6 +27,13 @@ module Banzai # make sure the original non-proxied src carries over to the link link['data-canonical-src'] = img['data-canonical-src'] if img['data-canonical-src'] + if img['data-diagram'] && img['data-diagram-src'] + link['data-diagram'] = img['data-diagram'] + link['data-diagram-src'] = img['data-diagram-src'] + img.remove_attribute('data-diagram') + img.remove_attribute('data-diagram-src') + end + link.children = if link_replaces_image img['alt'] || img['data-src'] || img['src'] else diff --git a/lib/banzai/filter/kroki_filter.rb b/lib/banzai/filter/kroki_filter.rb index 9aa2afce5a8..845c7f2bc0a 100644 --- a/lib/banzai/filter/kroki_filter.rb +++ b/lib/banzai/filter/kroki_filter.rb @@ -25,11 +25,19 @@ module Banzai diagram_type = node.parent['lang'] diagram_src = node.content image_src = create_image_src(diagram_type, diagram_format, diagram_src) - lazy_load = diagram_src.length > MAX_CHARACTER_LIMIT - other_attrs = lazy_load ? "hidden" : "" + img_tag = Nokogiri::HTML::DocumentFragment.parse(%(<img src="#{image_src}" />)) + img_tag = img_tag.children.first - img_tag = Nokogiri::HTML::DocumentFragment.parse(%(<img class="js-render-kroki" src="#{image_src}" #{other_attrs} />)) - node.parent.replace(img_tag) + unless img_tag.nil? + lazy_load = diagram_src.length > MAX_CHARACTER_LIMIT + img_tag.set_attribute('hidden', '') if lazy_load + img_tag.set_attribute('class', 'js-render-kroki') + + img_tag.set_attribute('data-diagram', node.parent['lang']) + img_tag.set_attribute('data-diagram-src', "data:text/plain;base64,#{Base64.strict_encode64(node.content)}") + + node.parent.replace(img_tag) + end end doc diff --git a/lib/banzai/filter/plantuml_filter.rb b/lib/banzai/filter/plantuml_filter.rb index 68a99702d6f..cbcd547120d 100644 --- a/lib/banzai/filter/plantuml_filter.rb +++ b/lib/banzai/filter/plantuml_filter.rb @@ -15,8 +15,14 @@ module Banzai doc.xpath(lang_tag).each do |node| img_tag = Nokogiri::HTML::DocumentFragment.parse( - Asciidoctor::PlantUml::Processor.plantuml_content(node.content, {})) - node.parent.replace(img_tag) + Asciidoctor::PlantUml::Processor.plantuml_content(node.content, {})).css('img').first + + unless img_tag.nil? + img_tag.set_attribute('data-diagram', 'plantuml') + img_tag.set_attribute('data-diagram-src', "data:text/plain;base64,#{Base64.strict_encode64(node.content)}") + + node.parent.replace(img_tag) + end end doc diff --git a/lib/banzai/filter/repository_link_filter.rb b/lib/banzai/filter/repository_link_filter.rb index 408e6dc685d..f5cf1833304 100644 --- a/lib/banzai/filter/repository_link_filter.rb +++ b/lib/banzai/filter/repository_link_filter.rb @@ -180,7 +180,7 @@ module Banzai parts.pop if uri_type(request_path) != :tree - path.sub!(%r{\A\./}, '') + path.delete_prefix!('./') while path.start_with?('../') parts.pop diff --git a/lib/banzai/pipeline/gfm_pipeline.rb b/lib/banzai/pipeline/gfm_pipeline.rb index df8151b3296..5e7c2f64c92 100644 --- a/lib/banzai/pipeline/gfm_pipeline.rb +++ b/lib/banzai/pipeline/gfm_pipeline.rb @@ -15,11 +15,11 @@ module Banzai # Must always be before the SanitizationFilter to prevent XSS attacks Filter::SpacedLinkFilter, Filter::SanitizationFilter, + Filter::KrokiFilter, Filter::AssetProxyFilter, Filter::SyntaxHighlightFilter, Filter::MathFilter, Filter::ColorFilter, - Filter::KrokiFilter, Filter::MermaidFilter, Filter::VideoLinkFilter, Filter::AudioLinkFilter, |