From ffb107ac7d8ba17ecd4d10ef1d8a94d5c62630b2 Mon Sep 17 00:00:00 2001 From: Oswaldo Ferreira Date: Mon, 26 Feb 2018 12:28:49 -0300 Subject: Keep link when redacting unauthorized object links --- ...ep-link-when-redacting-unauthorized-objects.yml | 5 +++++ lib/banzai/filter/abstract_reference_filter.rb | 15 +++++++------ lib/banzai/redactor.rb | 25 ++++++++++++++++++---- spec/lib/banzai/redactor_spec.rb | 10 +++++++++ 4 files changed, 45 insertions(+), 10 deletions(-) create mode 100644 changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml diff --git a/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml new file mode 100644 index 00000000000..dddd8473df5 --- /dev/null +++ b/changelogs/unreleased/40502-osw-keep-link-when-redacting-unauthorized-objects.yml @@ -0,0 +1,5 @@ +--- +title: Keep link when redacting unauthorized object links +merge_request: +author: +type: fixed diff --git a/lib/banzai/filter/abstract_reference_filter.rb b/lib/banzai/filter/abstract_reference_filter.rb index e7e6a90b5fd..c9e3f8ce42b 100644 --- a/lib/banzai/filter/abstract_reference_filter.rb +++ b/lib/banzai/filter/abstract_reference_filter.rb @@ -174,7 +174,9 @@ module Banzai title = object_link_title(object) klass = reference_class(object_sym) - data = data_attributes_for(link_content || match, parent, object, link: !!link_content) + data = data_attributes_for(link_content || match, parent, object, + link_content: !!link_content, + link_reference: link_reference) url = if matches.names.include?("url") && matches[:url] @@ -194,12 +196,13 @@ module Banzai end end - def data_attributes_for(text, project, object, link: false) + def data_attributes_for(text, project, object, link_content: false, link_reference: false) data_attribute( - original: text, - link: link, - project: project.id, - object_sym => object.id + original: text, + link: link_content, + link_reference: link_reference, + project: project.id, + object_sym => object.id ) end diff --git a/lib/banzai/redactor.rb b/lib/banzai/redactor.rb index 827df7c08ae..fd457bebf03 100644 --- a/lib/banzai/redactor.rb +++ b/lib/banzai/redactor.rb @@ -42,16 +42,33 @@ module Banzai next if visible.include?(node) doc_data[:visible_reference_count] -= 1 - # The reference should be replaced by the original link's content, - # which is not always the same as the rendered one. - content = node.attr('data-original') || node.inner_html - node.replace(content) + redacted_content = redacted_node_content(node) + node.replace(redacted_content) end end metadata end + # Return redacted content of given node as either the original link ( tag), + # the original content (text), or the inner HTML of the node. + # + def redacted_node_content(node) + original_content = node.attr('data-original') + link_reference = node.attr('data-link-reference') + + # Build the raw tag just with a link as href and content if + # it's originally a link pattern. We shouldn't return a plain text href. + original_link = + if link_reference == 'true' && href = original_content + %(#{href}) + end + + # The reference should be replaced by the original link's content, + # which is not always the same as the rendered one. + original_link || original_content || node.inner_html + end + def redact_cross_project_references(documents) extractor = Banzai::IssuableExtractor.new(project, user) issuables = extractor.extract(documents) diff --git a/spec/lib/banzai/redactor_spec.rb b/spec/lib/banzai/redactor_spec.rb index 1fa89137972..441f3725985 100644 --- a/spec/lib/banzai/redactor_spec.rb +++ b/spec/lib/banzai/redactor_spec.rb @@ -40,6 +40,16 @@ describe Banzai::Redactor do expect(doc.to_html).to eq(original_content) end end + + it 'returns tag with original href if it is originally a link reference' do + href = 'http://localhost:3000' + doc = Nokogiri::HTML + .fragment("#{href}") + + redactor.redact([doc]) + + expect(doc.to_html).to eq('http://localhost:3000') + end end context 'when project is in pending delete' do -- cgit v1.2.1