Commit 635d9012 authored by Brett Walker's avatar Brett Walker

Remove images in 'first_line_in_markdown'

By default, we now strip images in the 'first_line_in_markdown'
method.  This keeps images from being displayed in the
one-liner of both todo and project activity panels.

Although not currently used, we allow images to be preserved
with the allow_images: true options.
parent c7d1eef6
...@@ -74,14 +74,21 @@ module MarkupHelper ...@@ -74,14 +74,21 @@ module MarkupHelper
# the tag contents are truncated without removing the closing tag. # the tag contents are truncated without removing the closing tag.
def first_line_in_markdown(object, attribute, max_chars = nil, options = {}) def first_line_in_markdown(object, attribute, max_chars = nil, options = {})
md = markdown_field(object, attribute, options) md = markdown_field(object, attribute, options)
return nil unless md.present?
text = truncate_visible(md, max_chars || md.length) if md.present? tags = %w(a gl-emoji b pre code p span)
tags << 'img' if options[:allow_images]
sanitize( text = truncate_visible(md, max_chars || md.length)
text = sanitize(
text, text,
tags: %w(a img gl-emoji b pre code p span), tags: tags,
attributes: Rails::Html::WhiteListSanitizer.allowed_attributes + ['style', 'data-src', 'data-name', 'data-unicode-version'] attributes: Rails::Html::WhiteListSanitizer.allowed_attributes + ['style', 'data-src', 'data-name', 'data-unicode-version']
) )
# since <img> tags are stripped, this can leave empty <a> tags hanging around
# (as our markdown wraps images in links)
options[:allow_images] ? text : strip_empty_link_tags(text).html_safe
end end
def markdown(text, context = {}) def markdown(text, context = {})
...@@ -235,6 +242,16 @@ module MarkupHelper ...@@ -235,6 +242,16 @@ module MarkupHelper
end end
end end
def strip_empty_link_tags(text)
scrubber = Loofah::Scrubber.new do |node|
node.remove if node.name == 'a' && node.content.blank?
end
# Use `Loofah` directly instead of `sanitize`
# as we still use the `rails-deprecated_sanitizer` gem
Loofah.fragment(text).scrub!(scrubber).to_s
end
def markdown_toolbar_button(options = {}) def markdown_toolbar_button(options = {})
data = options[:data].merge({ container: 'body' }) data = options[:data].merge({ container: 'body' })
content_tag :button, content_tag :button,
......
---
title: Images are no longer displayed in Todo descriptions
merge_request: 21704
author:
type: fixed
...@@ -339,11 +339,25 @@ describe MarkupHelper do ...@@ -339,11 +339,25 @@ describe MarkupHelper do
expect(first_line_in_markdown(object, attribute, 150, project: project)).to eq(expected) expect(first_line_in_markdown(object, attribute, 150, project: project)).to eq(expected)
end end
context 'when images are allowed' do
it 'preserves data-src for lazy images' do it 'preserves data-src for lazy images' do
object = create_object("![ImageTest](/uploads/test.png)") object = create_object("![ImageTest](/uploads/test.png)")
image_url = "data-src=\".*/uploads/test.png\"" image_url = "data-src=\".*/uploads/test.png\""
text = first_line_in_markdown(object, attribute, 150, project: project, allow_images: true)
expect(first_line_in_markdown(object, attribute, 150, project: project)).to match(image_url) expect(text).to match(image_url)
expect(text).to match('<a')
end
end
context 'when images are not allowed' do
it 'removes any images' do
object = create_object("![ImageTest](/uploads/test.png)")
text = first_line_in_markdown(object, attribute, 150, project: project)
expect(text).not_to match('<img')
expect(text).not_to match('<a')
end
end end
context 'labels formatting' do context 'labels formatting' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment