From b142d449c6dbefbf16a55d53bd28867a682f341a Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 8 Apr 2015 12:24:06 -0400
Subject: Update redcarpet to 3.2.3
---
 Gemfile | 2 +-
 Gemfile.lock | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/Gemfile b/Gemfile
index cce1f47ef15..a3720ce17f8 100644
--- a/Gemfile
+++ b/Gemfile
@@ -94,7 +94,7 @@ gem 'html-pipeline-gitlab', '~> 0.1'
 gem "github-markup"
 # Required markup gems by github-markdown
-gem 'redcarpet', '~> 3.1.2'
+gem 'redcarpet', '~> 3.2.3'
 gem 'RedCloth'
 gem 'rdoc', '~>3.6'
 gem 'org-ruby', '= 0.9.12'
diff --git a/Gemfile.lock b/Gemfile.lock
index d7a292d4e53..747dbe1b037 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -457,7 +457,7 @@ GEM
 ffi (>= 0.5.0)
 rdoc (3.12.2)
 json (~> 1.4)
- redcarpet (3.1.2)
+ redcarpet (3.2.3)
 redis (3.1.0)
 redis-actionpack (4.0.0)
 actionpack (~> 4)
@@ -755,7 +755,7 @@ DEPENDENCIES
 rb-fsevent
 rb-inotify
 rdoc (~> 3.6)
- redcarpet (~> 3.1.2)
+ redcarpet (~> 3.2.3)
 redis-rails
 request_store
 rspec-rails (= 2.99)
-- cgit v1.2.1
From 13313d9e31b0d32dad925cae378d4f8ff8abcecf Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 8 Apr 2015 12:35:57 -0400
Subject: Disable RedCarpet's `escape_html` option
This option defaults to true in RedCarpet 3.2.0, but we handle sanitization later in the process with html-pipeline.
Closes #2211
---
 app/helpers/gitlab_markdown_helper.rb | 38 +++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/app/helpers/gitlab_markdown_helper.rb b/app/helpers/gitlab_markdown_helper.rb
index 7ca3f058636..17266656a4e 100644
--- a/app/helpers/gitlab_markdown_helper.rb
+++ b/app/helpers/gitlab_markdown_helper.rb
@@ -31,24 +31,28 @@ module GitlabMarkdownHelper
 def markdown(text, options={})
 unless @markdown && options == @options
 @options = options
- gitlab_renderer = Redcarpet::Render::GitlabHTML.new(self,
- user_color_scheme_class,
- {
- # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch-
- with_toc_data: true,
- safe_links_only: true
- }.merge(options))
- @markdown = Redcarpet::Markdown.new(gitlab_renderer,
- # see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
- no_intra_emphasis: true,
- tables: true,
- fenced_code_blocks: true,
- autolink: true,
- strikethrough: true,
- lax_spacing: true,
- space_after_headers: true,
- superscript: true)
+
+ # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch
+ rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, {
+ with_toc_data: true,
+ safe_links_only: true,
+ # Handled further down the line by HTML::Pipeline::SanitizationFilter
+ escape_html: false
+ }.merge(options))
+
+ # see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
+ @markdown = Redcarpet::Markdown.new(rend,
+ no_intra_emphasis: true,
+ tables: true,
+ fenced_code_blocks: true,
+ autolink: true,
+ strikethrough: true,
+ lax_spacing: true,
+ space_after_headers: true,
+ superscript: true
+ )
 end
+
 @markdown.render(text).html_safe
 end
-- cgit v1.2.1
From 5a0ff2f52f3fbfa32b09e342552f03f851f4365b Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 8 Apr 2015 16:19:05 -0400
Subject: Be more explicit about which "Markdown" ReferenceExtractor includes
---
 lib/gitlab/reference_extractor.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/gitlab/reference_extractor.rb b/lib/gitlab/reference_extractor.rb
index 1058d4c43d9..c0419585c4b 100644
--- a/lib/gitlab/reference_extractor.rb
+++ b/lib/gitlab/reference_extractor.rb
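Review bot: In `markdown` (app/helpers/gitlab_markdown_helper.rb), `escape_html: false` combined with the unchanged `@markdown.render(text).html_safe` means raw HTML in `text` is returned as trusted markup unless HTML::Pipeline::SanitizationFilter really runs on every path through this helper, and that filter is not visible in this hunk. Presumably it is invoked from the `GitlabHTML` renderer, but that should be confirmed and pinned with a spec that renders input containing a raw `<script>` element and an `onerror`-style attribute and asserts that neither reaches the output. Because the defaults are followed by `.merge(options)`, a caller can also override `safe_links_only` and `escape_html`, so the trust assumption belongs next to the return value as well, for example `# html_safe is only sound because HTML::Pipeline::SanitizationFilter has already run; do not bypass it`. If some callers pass user-influenced `options`, I would whitelist the keys they may set rather than merging the hash wholesale.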
@@ -3,7 +3,7 @@ module Gitlab
 class ReferenceExtractor
 attr_accessor :users, :labels, :issues, :merge_requests, :snippets, :commits, :commit_ranges
- include Markdown
+ include ::Gitlab::Markdown
 def initialize
 @users, @labels, @issues, @merge_requests, @snippets, @commits, @commit_ranges =
-- cgit v1.2.1