| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
- use predefined factories when creating
projects with services
- remove unnecessary arguments
|
|\
| |
| |
| |
| | |
Banzai - avoid redis if attr is in DB cache
See merge request gitlab-org/gitlab-ce!30334
|
| |
| |
| |
| |
| |
| |
| | |
When cache_collection_render runs we end up reading and writing
things to redis even if we already have the rendered field cached
in the DB. This commit avoids using redis at all whenever we have
the field already rendered in the DB cache.
|
|/
|
|
|
|
|
|
|
|
|
| |
Adds GFM Pipline filters to insert a placeholder in the generated
HTML from GFM based on the presence of a metrics dashboard link.
The front end should look for the class 'js-render-metrics' to
determine if it should replace the element with metrics charts.
The data element 'data-dashboard-url' should be the endpoint
the front end should hit in order to obtain a dashboard layout
in order to appropriately render the charts.
|
|\
| |
| |
| |
| | |
Fix DOS when rendering issue/MR comments
See merge request gitlab/gitlabhq!3152
|
| | |
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we put the emoji filter before the reference filters, each emoji will
have a wrapper element that prevents the reference filter from detecting
the presence of the emoji.
As the emoji filter now runs after the reference filters, references
must contain a literal emoji, not the GitLab Flavored Markdown
versions (:100`, for example).
A weird side-effect is that if you have a label with the 100 emoji, and
a label named :100:, then trying to reference the latter will work (link
to the correct label), but will render with the 100 emoji. I'm
comfortable with that edge case, I think.
|
|\
| |
| |
| |
| |
| |
| | |
Allow lowercase prefix for Youtrack issue ids
Closes #62661
See merge request gitlab-org/gitlab-ce!29057
|
| |
| |
| |
| |
| | |
Relates to #42595.
Fixes #62661.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This allows using `CacheMarkdownField` for models that are not backed
by ActiveRecord.
When the including class inherits `ActiveRecord::Base` we include
`Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the
markdown fields to be rendered and the generated HTML stored in a
`<field>_html` attribute on the record. We also store the version
used for generating the markdown.
All other classes that include this model will include the
`Gitlab::MarkdownCache::Redis::Extension`. This add the `<field>_html`
attributes to that model and will generate the html in them. The
generated HTML will be cached in redis under the key
`markdown_cache:<class>:<id>`. The class this included in must
therefore respond to `id`.
|
|\ \
| | |
| | |
| | |
| | | |
Reject slug+uri concat if slug is deemed unsafe
See merge request gitlab/gitlabhq!3108
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
First reported:
https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
When the page slug is "javascript:" and we attempt to link to a relative
path (using `.` or `..`) the code will concatenate the slug and the uri.
This MR adds a guard to that concat step that will return `nil` if the
incoming slug matches against any of the "unsafe" slug regexes;
currently this is only for the slug "javascript:" but can be extended if
needed. Manually tested against a non-exhaustive list from OWASP of
common javascript XSS exploits that have to to with mangling the
"javascript:" method, and all are caught by this change or by existing
code that ingests the user-specified slug.
|
|\ \
| |/
|/|
| |
| | |
Fix url redaction for issue links
See merge request gitlab/gitlabhq!3091
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add changelog entry
Add missing href to all redactor specs and removed href assignment
Remove obsolete spec
If original_content is given, it should be used for link content
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When a milestone name contained an HTML entity that would be escaped (&,
<, >), then it wasn't possible to refer to this milestone by name, or
use it in a quick action.
This already worked for labels, but not for milestones. We take care to
re-escape un-matched milestones, too.
|
| | |
|
|\ \
| |/
|/|
| |
| |
| |
| | |
No leading/trailing spaces when generating heading ids (Fixes #57528)
Closes #57528
See merge request gitlab-org/gitlab-ce!27025
|
| |
| |
| | |
Change based on comments in MR #27025
|
| |
| |
| | |
Update based on comments in MR #27025
|
| |
| |
| |
| | |
That's a straightforward feature flag code removal for 11.10
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
into 'master'
Checkbox cannot be checked if preceded by a blockquote
Closes #58717
See merge request gitlab-org/gitlab-ce!26937
|
| |/
| |
| |
| |
| | |
Replaces blockquote fences with \n,
keeping the line numbering intact.
|
|/
|
|
|
|
|
| |
- rewords examples starting with 'should'
- rewords examples starting with 'it'
Note: I had to manually fixup "onlies" to "only"
|
|
|
|
|
| |
- added suggestions to mock data
- fixed props to be not required
|
|\
| |
| |
| |
| |
| |
| | |
Resolve "Extended tooltip for merge request links"
Closes #54916
See merge request gitlab-org/gitlab-ce!25221
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Show pipeline status, title, MR Status and project path
- Popover attached to gitlab flavored markdown everywhere, including:
+ MR/Issue Title
+ MR/Issue description
+ MR/Issue comments
+ Rendered markdown files
|
|/
|
|
|
| |
Implements the filtering logic for
`suggestion:-x+y` syntax.
|
| |
|
|
|
|
| |
Fixes gitlab-org/gitlab-ce#42595
|
| |
|
|
|
|
|
|
| |
Cached markdown version is composed both from global and local
markdown version. This allows admins to bump version locally when
needed (e.g. when external URL is changed).
|
|\
| |
| |
| |
| |
| |
| | |
Remove Redcarpet markdown engine
Closes #51374
See merge request gitlab-org/gitlab-ce!24819
|
| |
| |
| |
| |
| | |
This engine was replaced with CommonMarker in 11.4, it was deprecated
since then.
|
|/ |
|
|
|
|
|
|
|
| |
Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.
Autolinked hrefs should be escaped
|
| |
|
|\
| |
| |
| |
| | |
Enable CommonMark source line position information
See merge request gitlab-org/gitlab-ce!23971
|
| |
| |
| |
| |
| |
| | |
including refactoring, disabling sourcepos for pipelines that
don't need it, and minimizing spec changes by disabling
sourcepos when not testing for it explicitly.
|
| |
| |
| |
| |
| |
| | |
This adds 'data-sourcepos' to tags, indicating which
line of markdown it came from. Sets the stage for
intelligently manipulating specific lines of markdown.
|
| |
| |
| |
| | |
Signed-off-by: Rémy Coutable <remy@rymai.me>
|
|/
|
|
|
|
|
|
|
| |
Personal snippet uploads have neither a group nor a project. If a GitLab
instance were configured with a relative URL root (e.g. `/gitlab`), then
the Markdown filter would not include this root in the generated path.
We fix this by adding this root if there is no group or project.
Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56280
|
|
|
|
| |
and additional spec
|
| |
|
|
|
|
|
| |
All the ids and classes were stripped. Add them back in
and make ids unique
|
|\
| |
| |
| |
| | |
[master] Escape html entities when no label found
See merge request gitlab/gitlabhq!2706
|
| | |
|
|\ \
| | |
| | |
| | |
| | | |
[master] Set URL rel attribute for broken URLs
See merge request gitlab/gitlabhq!2695
|
| |/
| |
| |
| |
| |
| | |
It's possible that URI fails to parse a link, but browsers
still recognize given URL as a link, we should make sure
that 'rel' attribute is set also in this case.
|