summaryrefslogtreecommitdiff
path: root/spec/lib/banzai
Commit message (Collapse)AuthorAgeFilesLines
* Do not rewrite relative links for system notesbug/63162-duplicate_path_in_linksMario de la Ossa2019-06-201-0/+7
|
* Allow emoji in label and milestone referencesallow-emoji-in-referencesSean McGivern2019-06-071-0/+23
| | | | | | | | | | | | | | | If we put the emoji filter before the reference filters, each emoji will have a wrapper element that prevents the reference filter from detecting the presence of the emoji. As the emoji filter now runs after the reference filters, references must contain a literal emoji, not the GitLab Flavored Markdown versions (:100`, for example). A weird side-effect is that if you have a label with the 100 emoji, and a label named :100:, then trying to reference the latter will work (link to the correct label), but will render with the 100 emoji. I'm comfortable with that edge case, I think.
* Merge branch 'fix/allow-lower-case-issue-ids' into 'master'Sean McGivern2019-06-061-0/+7
|\ | | | | | | | | | | | | Allow lowercase prefix for Youtrack issue ids Closes #62661 See merge request gitlab-org/gitlab-ce!29057
| * Allow lowercase prefix for Youtrack issue idsMatthias Baur2019-06-031-0/+7
| | | | | | | | | | Relates to #42595. Fixes #62661.
* | Use Redis for CacheMarkDownField on non AR modelsPatrick Bajao2019-06-053-12/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows using `CacheMarkdownField` for models that are not backed by ActiveRecord. When the including class inherits `ActiveRecord::Base` we include `Gitlab::MarkdownCache::ActiveRecord::Extension`. This will cause the markdown fields to be rendered and the generated HTML stored in a `<field>_html` attribute on the record. We also store the version used for generating the markdown. All other classes that include this model will include the `Gitlab::MarkdownCache::Redis::Extension`. This add the `<field>_html` attributes to that model and will generate the html in them. The generated HTML will be cached in redis under the key `markdown_cache:<class>:<id>`. The class this included in must therefore respond to `id`.
* | Merge branch 'security-60143-address-xss-issue-master' into 'master'Robert Speicher2019-06-031-0/+42
|\ \ | | | | | | | | | | | | Reject slug+uri concat if slug is deemed unsafe See merge request gitlab/gitlabhq!3108
| * | Reject slug+uri concat if slug is deemed unsafeKerri Miller2019-05-241-0/+42
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | First reported: https://gitlab.com/gitlab-org/gitlab-ce/issues/60143 When the page slug is "javascript:" and we attempt to link to a relative path (using `.` or `..`) the code will concatenate the slug and the uri. This MR adds a guard to that concat step that will return `nil` if the incoming slug matches against any of the "unsafe" slug regexes; currently this is only for the slug "javascript:" but can be extended if needed. Manually tested against a non-exhaustive list from OWASP of common javascript XSS exploits that have to to with mangling the "javascript:" method, and all are caught by this change or by existing code that ingests the user-specified slug.
* | Merge branch 'security-fix-project-existence-disclosure-master' into 'master'GitLab Release Tools Bot2019-06-031-14/+18
|\ \ | |/ |/| | | | | Fix url redaction for issue links See merge request gitlab/gitlabhq!3091
| * Fix url redaction for issue linksPatrick Derichs2019-05-031-14/+18
| | | | | | | | | | | | | | | | | | | | Add changelog entry Add missing href to all redactor specs and removed href assignment Remove obsolete spec If original_content is given, it should be used for link content
* | Fix milestone references with HTML entities in the namefix-milestone-references-with-escaped-html-entitiesSean McGivern2019-05-241-0/+21
| | | | | | | | | | | | | | | | | | When a milestone name contained an HTML entity that would be escaped (&, <, >), then it wasn't possible to refer to this milestone by name, or use it in a quick action. This already worked for labels, but not for milestones. We take care to re-escape un-matched milestones, too.
* | Fix typos in the whole gitlab-ce projectYoginth2019-05-201-1/+1
| |
* | Merge branch 'patch-49' into 'master'Sean McGivern2019-05-061-0/+5
|\ \ | |/ |/| | | | | | | | | No leading/trailing spaces when generating heading ids (Fixes #57528) Closes #57528 See merge request gitlab-org/gitlab-ce!27025
| * Use strip to remove leading/trailing spacesWillian Balmant2019-04-111-1/+1
| | | | | | Change based on comments in MR #27025
| * No leading/trailing spaces when generating heading ids (Fixes #57528)Willian Balmant2019-04-101-0/+5
| | | | | | Update based on comments in MR #27025
* | Remove multi-line suggestions feature flagosw-remote-multi-line-suggestions-ffOswaldo Ferreira2019-04-101-23/+4
| | | | | | | | That's a straightforward feature flag code removal for 11.10
* | Merge branch '58717-checkbox-cannot-be-checked-if-a-blockquote-is-above' ↵Sean McGivern2019-04-051-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | into 'master' Checkbox cannot be checked if preceded by a blockquote Closes #58717 See merge request gitlab-org/gitlab-ce!26937
| * | Fenced blockquotes to not change source line pos58717-checkbox-cannot-be-checked-if-a-blockquote-is-aboveBrett Walker2019-04-041-1/+1
| |/ | | | | | | | | Replaces blockquote fences with \n, keeping the line numbering intact.
* | Autocorrect with RSpec/ExampleWording copThong Kuah2019-04-051-3/+3
|/ | | | | | | - rewords examples starting with 'should' - rewords examples starting with 'it' Note: I had to manually fixup "onlies" to "only"
* Fixed test specsOswaldo Ferreira2019-04-041-32/+0
| | | | | - added suggestions to mock data - fixed props to be not required
* Merge branch '54916-extended-tooltip-for-merge-request-links' into 'master'Phil Hughes2019-03-261-4/+21
|\ | | | | | | | | | | | | Resolve "Extended tooltip for merge request links" Closes #54916 See merge request gitlab-org/gitlab-ce!25221
| * Add merge request popover with detailsSam Bigelow2019-03-211-4/+21
| | | | | | | | | | | | | | | | | | - Show pipeline status, title, MR Status and project path - Popover attached to gitlab flavored markdown everywhere, including: + MR/Issue Title + MR/Issue description + MR/Issue comments + Rendered markdown files
* | Implement multi-line suggestions filteringOswaldo Ferreira2019-03-203-2/+92
|/ | | | | Implements the filtering logic for `suggestion:-x+y` syntax.
* Lowercase letters support and additional tests for YouTrack integration serviceYauhen Kotau2019-02-201-0/+14
|
* Added YouTrack integrationYauhen Kotau2019-02-181-0/+22
| | | | Fixes gitlab-org/gitlab-ce#42595
* Properly handle multiple refs to same footnoteBrett Walker2019-02-131-0/+2
|
* Add local markdown versionlocal-markdown-versionJan Provaznik2019-02-061-1/+1
| | | | | | Cached markdown version is composed both from global and local markdown version. This allows admins to bump version locally when needed (e.g. when external URL is changed).
* Merge branch 'jprovazn-remove-redcarpet' into 'master'Grzegorz Bizon2019-02-052-41/+0
|\ | | | | | | | | | | | | Remove Redcarpet markdown engine Closes #51374 See merge request gitlab-org/gitlab-ce!24819
| * Remove Redcarpet markdown engineJan Provaznik2019-02-042-41/+0
| | | | | | | | | | This engine was replaced with CommonMarker in 11.4, it was deprecated since then.
* | Catch possible Addressable::URI::InvalidURIErrorBrett Walker2019-02-041-0/+7
|/
* Show tooltip for malicious looking linksBrett Walker2019-01-314-0/+133
| | | | | | | Such as those with IDN homographs or embedded right-to-left (RTLO) characters. Autolinked hrefs should be escaped
* Fix slow project reference pattern regexHeinrich Lee Yu2019-01-311-0/+6
|
* Merge branch 'bw-enable-sourcepos' into 'master'Robert Speicher2019-01-284-7/+52
|\ | | | | | | | | Enable CommonMark source line position information See merge request gitlab-org/gitlab-ce!23971
| * Fix review commentsBrett Walker2019-01-213-10/+16
| | | | | | | | | | | | including refactoring, disabling sourcepos for pipelines that don't need it, and minimizing spec changes by disabling sourcepos when not testing for it explicitly.
| * Enable CommonMark source line position informationBrett Walker2019-01-213-5/+44
| | | | | | | | | | | | This adds 'data-sourcepos' to tags, indicating which line of markdown it came from. Sets the stage for intelligently manipulating specific lines of markdown.
* | Enable the Layout/ExtraSpacing cop56392-enable-the-layout-extraspacing-copRémy Coutable2019-01-245-5/+5
| | | | | | | | Signed-off-by: Rémy Coutable <remy@rymai.me>
* | Fix 404s for snippet uploads when relative URL root usedStan Hu2019-01-221-0/+54
|/ | | | | | | | | Personal snippet uploads have neither a group nor a project. If a GitLab instance were configured with a relative URL root (e.g. `/gitlab`), then the Markdown filter would not include this root in the generated path. We fix this by adding this root if there is no group or project. Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56280
* Refactoring and addressing review commentsBrett Walker2019-01-173-30/+62
| | | | and additional spec
* Updates based on review commentsBrett Walker2019-01-101-0/+7
|
* Properly process footnotes in markdownBrett Walker2019-01-082-1/+85
| | | | | All the ids and classes were stripped. Add them back in and make ids unique
* Merge branch 'security-label-xss' into 'master'John Jarvis2019-01-021-0/+18
|\ | | | | | | | | [master] Escape html entities when no label found See merge request gitlab/gitlabhq!2706
| * Escape html entities when no label foundJarka Košanová2018-12-121-0/+18
| |
* | Merge branch 'security-master-url-rel' into 'master'John Jarvis2019-01-021-4/+4
|\ \ | | | | | | | | | | | | [master] Set URL rel attribute for broken URLs See merge request gitlab/gitlabhq!2695
| * | Set URL rel attribute for broken URLsJan Provaznik2018-12-111-4/+4
| |/ | | | | | | | | | | It's possible that URI fails to parse a link, but browsers still recognize given URL as a link, we should make sure that 'rel' attribute is set also in this case.
* | Add % prefix to milestone reference link textHeinrich Lee Yu2018-12-211-15/+15
| | | | | | | | Also update banzai tests to use reference_link_text
* | Remove feature flag for suggest changes featureOswaldo Ferreira2018-12-181-9/+0
| |
* | Allow suggesting single line changes in diffsOswaldo Ferreira2018-12-132-0/+67
|/
* Resolve "Extended user centric tooltips"Tim Zallmann2018-12-081-1/+1
|
* Changed frontmatter filtering to support YAML, JSON, TOML, and arbitrary ↵Travis Miller2018-12-072-53/+140
| | | | languages
* [CE] - Add milestones autocomplete for epicsFelipe Artur2018-12-071-9/+38
| | | | CE backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8632
* Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' ↵Cindy Pallares2018-11-281-0/+12
| | | | | | | | | into 'master' [master] XSS in markdown following unrecognized HTML element Closes #2732 See merge request gitlab/gitlabhq!2599
View Lorry Controller Status