path: root/spec/lib/banzai
Commit message (Author, Age, Files, Lines)
* Rename Redactor classes to ReferenceRedactor (Sarah Yasonik, 2019-07-16, 3 files, -6/+6)
|
* Simplify factories for services (Jarka Košanová, 2019-07-16, 1 file, -3/+3)
|    - use predefined factories when creating projects with services
|    - remove unnecessary arguments
* Merge branch 'banzai-avoid-redis-if-db-cache' into 'master' (Douwe Maan, 2019-07-11, 1 file, -0/+18)
|\
| |    Banzai - avoid redis if attr is in DB cache
| |
| |    See merge request gitlab-org/gitlab-ce!30334
| * Banzai - avoid redis if attr is in DB cache [banzai-avoid-redis-if-db-cache] (Mario de la Ossa, 2019-07-10, 1 file, -0/+18)
| |    When cache_collection_render runs we end up reading and writing things to redis even if we already have the rendered field cached in the DB. This commit avoids using redis at all whenever we have the field already rendered in the DB cache.
* | Expose metrics element for FE consumption (Sarah Yasonik, 2019-07-10, 2 files, -0/+113)
|/
|    Adds GFM Pipeline filters to insert a placeholder in the generated HTML from GFM based on the presence of a metrics dashboard link. The front end should look for the class 'js-render-metrics' to determine if it should replace the element with metrics charts. The data element 'data-dashboard-url' should be the endpoint the front end should hit in order to obtain a dashboard layout in order to appropriately render the charts.
* Merge branch 'security-DOS_issue_comments_banzai' into 'master' (Marin Jankovski, 2019-07-02, 1 file, -0/+5)
|\
| |    Fix DOS when rendering issue/MR comments
| |
| |    See merge request gitlab/gitlabhq!3152
| * Fix DOS when rendering issue/MR comments (Mario de la Ossa, 2019-06-13, 1 file, -0/+5)
| |
* | Do not rewrite relative links for system notes [bug/63162-duplicate_path_in_links] (Mario de la Ossa, 2019-06-20, 1 file, -0/+7)
|/
* Allow emoji in label and milestone references [allow-emoji-in-references] (Sean McGivern, 2019-06-07, 1 file, -0/+23)
|    If we put the emoji filter before the reference filters, each emoji will have a wrapper element that prevents the reference filter from detecting the presence of the emoji. As the emoji filter now runs after the reference filters, references must contain a literal emoji, not the GitLab Flavored Markdown versions (:100:, for example). A weird side-effect is that if you have a label with the 100 emoji, and a label named :100:, then trying to reference the latter will work (link to the correct label), but will render with the 100 emoji. I'm comfortable with that edge case, I think.
* Merge branch 'fix/allow-lower-case-issue-ids' into 'master' (Sean McGivern, 2019-06-06, 1 file, -0/+7)
|\
| |    Allow lowercase prefix for Youtrack issue ids
| |
| |    Closes #62661
| |
| |    See merge request gitlab-org/gitlab-ce!29057
| * Allow lowercase prefix for Youtrack issue ids (Matthias Baur, 2019-06-03, 1 file, -0/+7)
| |    Relates to #42595. Fixes #62661.
* | Use Redis for CacheMarkDownField on non AR models (Patrick Bajao, 2019-06-05, 3 files, -12/+34)
| |    This allows using `CacheMarkdownField` for models that are not backed by ActiveRecord.
| |
| |    When the including class inherits `ActiveRecord::Base` we include `Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the markdown fields to be rendered and the generated HTML stored in a `<field>_html` attribute on the record. We also store the version used for generating the markdown.
| |
| |    All other classes that include this model will include the `Gitlab::MarkdownCache::Redis::Extension`. This adds the `<field>_html` attributes to that model and will generate the html in them. The generated HTML will be cached in redis under the key `markdown_cache:<class>:<id>`. The class this is included in must therefore respond to `id`.
* | Merge branch 'security-60143-address-xss-issue-master' into 'master' (Robert Speicher, 2019-06-03, 1 file, -0/+42)
|\ \
| | |    Reject slug+uri concat if slug is deemed unsafe
| | |
| | |    See merge request gitlab/gitlabhq!3108
| * | Reject slug+uri concat if slug is deemed unsafe (Kerri Miller, 2019-05-24, 1 file, -0/+42)
| |/
| |    First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143
| |
| |    When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed.
| |
| |    Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to do with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
* | Merge branch 'security-fix-project-existence-disclosure-master' into 'master' (GitLab Release Tools Bot, 2019-06-03, 1 file, -14/+18)
|\ \
| |/
|/|
| |    Fix url redaction for issue links
| |
| |    See merge request gitlab/gitlabhq!3091
| * Fix url redaction for issue links (Patrick Derichs, 2019-05-03, 1 file, -14/+18)
| |    Add changelog entry
| |
| |    Add missing href to all redactor specs and removed href assignment
| |
| |    Remove obsolete spec
| |
| |    If original_content is given, it should be used for link content
* | Fix milestone references with HTML entities in the name [fix-milestone-references-with-escaped-html-entities] (Sean McGivern, 2019-05-24, 1 file, -0/+21)
| |    When a milestone name contained an HTML entity that would be escaped (&, <, >), then it wasn't possible to refer to this milestone by name, or use it in a quick action. This already worked for labels, but not for milestones. We take care to re-escape un-matched milestones, too.
* | Fix typos in the whole gitlab-ce project (Yoginth, 2019-05-20, 1 file, -1/+1)
| |
* | Merge branch 'patch-49' into 'master' (Sean McGivern, 2019-05-06, 1 file, -0/+5)
|\ \
| |/
|/|
| |    No leading/trailing spaces when generating heading ids (Fixes #57528)
| |
| |    Closes #57528
| |
| |    See merge request gitlab-org/gitlab-ce!27025
| * Use strip to remove leading/trailing spaces (Willian Balmant, 2019-04-11, 1 file, -1/+1)
| |    Change based on comments in MR #27025
| * No leading/trailing spaces when generating heading ids (Fixes #57528) (Willian Balmant, 2019-04-10, 1 file, -0/+5)
| |    Update based on comments in MR #27025
* | Remove multi-line suggestions feature flag [osw-remote-multi-line-suggestions-ff] (Oswaldo Ferreira, 2019-04-10, 1 file, -23/+4)
| |    That's a straightforward feature flag code removal for 11.10
* | Merge branch '58717-checkbox-cannot-be-checked-if-a-blockquote-is-above' into 'master' (Sean McGivern, 2019-04-05, 1 file, -1/+1)
|\ \
| | |    Checkbox cannot be checked if preceded by a blockquote
| | |
| | |    Closes #58717
| | |
| | |    See merge request gitlab-org/gitlab-ce!26937
| * | Fenced blockquotes to not change source line pos [58717-checkbox-cannot-be-checked-if-a-blockquote-is-above] (Brett Walker, 2019-04-04, 1 file, -1/+1)
| |/
| |    Replaces blockquote fences with \n, keeping the line numbering intact.
* | Autocorrect with RSpec/ExampleWording cop (Thong Kuah, 2019-04-05, 1 file, -3/+3)
|/
|    - rewords examples starting with 'should'
|    - rewords examples starting with 'it'
|
|    Note: I had to manually fixup "onlies" to "only"
* Fixed test specs (Oswaldo Ferreira, 2019-04-04, 1 file, -32/+0)
|    - added suggestions to mock data
|    - fixed props to be not required
* Merge branch '54916-extended-tooltip-for-merge-request-links' into 'master' (Phil Hughes, 2019-03-26, 1 file, -4/+21)
|\
| |    Resolve "Extended tooltip for merge request links"
| |
| |    Closes #54916
| |
| |    See merge request gitlab-org/gitlab-ce!25221
| * Add merge request popover with details (Sam Bigelow, 2019-03-21, 1 file, -4/+21)
| |    - Show pipeline status, title, MR Status and project path
| |    - Popover attached to gitlab flavored markdown everywhere, including:
| |      + MR/Issue Title
| |      + MR/Issue description
| |      + MR/Issue comments
| |      + Rendered markdown files
* | Implement multi-line suggestions filtering (Oswaldo Ferreira, 2019-03-20, 3 files, -2/+92)
|/
|    Implements the filtering logic for `suggestion:-x+y` syntax.
* Lowercase letters support and additional tests for YouTrack integration service (Yauhen Kotau, 2019-02-20, 1 file, -0/+14)
|
* Added YouTrack integration (Yauhen Kotau, 2019-02-18, 1 file, -0/+22)
|    Fixes gitlab-org/gitlab-ce#42595
* Properly handle multiple refs to same footnote (Brett Walker, 2019-02-13, 1 file, -0/+2)
|
* Add local markdown version [local-markdown-version] (Jan Provaznik, 2019-02-06, 1 file, -1/+1)
|    Cached markdown version is composed both from global and local markdown version. This allows admins to bump version locally when needed (e.g. when external URL is changed).
* Merge branch 'jprovazn-remove-redcarpet' into 'master' (Grzegorz Bizon, 2019-02-05, 2 files, -41/+0)
|\
| |    Remove Redcarpet markdown engine
| |
| |    Closes #51374
| |
| |    See merge request gitlab-org/gitlab-ce!24819
| * Remove Redcarpet markdown engine (Jan Provaznik, 2019-02-04, 2 files, -41/+0)
| |    This engine was replaced with CommonMarker in 11.4, it was deprecated since then.
* | Catch possible Addressable::URI::InvalidURIError (Brett Walker, 2019-02-04, 1 file, -0/+7)
|/
* Show tooltip for malicious looking links (Brett Walker, 2019-01-31, 4 files, -0/+133)
|    Such as those with IDN homographs or embedded right-to-left (RTLO) characters.
|
|    Autolinked hrefs should be escaped
* Fix slow project reference pattern regex (Heinrich Lee Yu, 2019-01-31, 1 file, -0/+6)
|
* Merge branch 'bw-enable-sourcepos' into 'master' (Robert Speicher, 2019-01-28, 4 files, -7/+52)
|\
| |    Enable CommonMark source line position information
| |
| |    See merge request gitlab-org/gitlab-ce!23971
| * Fix review comments (Brett Walker, 2019-01-21, 3 files, -10/+16)
| |    including refactoring, disabling sourcepos for pipelines that don't need it, and minimizing spec changes by disabling sourcepos when not testing for it explicitly.
| * Enable CommonMark source line position information (Brett Walker, 2019-01-21, 3 files, -5/+44)
| |    This adds 'data-sourcepos' to tags, indicating which line of markdown it came from. Sets the stage for intelligently manipulating specific lines of markdown.
* | Enable the Layout/ExtraSpacing cop [56392-enable-the-layout-extraspacing-cop] (Rémy Coutable, 2019-01-24, 5 files, -5/+5)
| |    Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Fix 404s for snippet uploads when relative URL root used (Stan Hu, 2019-01-22, 1 file, -0/+54)
|/
|    Personal snippet uploads have neither a group nor a project. If a GitLab instance were configured with a relative URL root (e.g. `/gitlab`), then the Markdown filter would not include this root in the generated path. We fix this by adding this root if there is no group or project.
|
|    Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56280
* Refactoring and addressing review comments (Brett Walker, 2019-01-17, 3 files, -30/+62)
|    and additional spec
* Updates based on review comments (Brett Walker, 2019-01-10, 1 file, -0/+7)
|
* Properly process footnotes in markdown (Brett Walker, 2019-01-08, 2 files, -1/+85)
|    All the ids and classes were stripped. Add them back in and make ids unique
* Merge branch 'security-label-xss' into 'master' (John Jarvis, 2019-01-02, 1 file, -0/+18)
|\
| |    [master] Escape html entities when no label found
| |
| |    See merge request gitlab/gitlabhq!2706
| * Escape html entities when no label found (Jarka Košanová, 2018-12-12, 1 file, -0/+18)
| |
* | Merge branch 'security-master-url-rel' into 'master' (John Jarvis, 2019-01-02, 1 file, -4/+4)
|\ \
| | |    [master] Set URL rel attribute for broken URLs
| | |
| | |    See merge request gitlab/gitlabhq!2695
| * | Set URL rel attribute for broken URLs (Jan Provaznik, 2018-12-11, 1 file, -4/+4)
| |/
| |    It's possible that URI fails to parse a link, but browsers still recognize given URL as a link, we should make sure that 'rel' attribute is set also in this case.