From e85aaadb63cd980b427b444d21c21c56a5142dc9 Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Wed, 15 Feb 2023 23:50:48 +0100 Subject: [PATCH 1/6] Pass Markdown renderer options into renderer --- app/helpers/markdown_helper.rb | 30 +++++++++-------- config/initializers/redcarpet.rb | 55 +++++++++++++++++--------------- 2 files changed, 47 insertions(+), 38 deletions(-) diff --git a/app/helpers/markdown_helper.rb b/app/helpers/markdown_helper.rb index 6d80f255..41c9bb8c 100644 --- a/app/helpers/markdown_helper.rb +++ b/app/helpers/markdown_helper.rb @@ -1,36 +1,40 @@ -module MarkdownHelper +# frozen_string_literal: true +module MarkdownHelper def markdown(content) - md = Redcarpet::Markdown.new(FlavoredMarkdown, MARKDOWN_OPTS) - Sanitize.fragment(md.render(content), EVIL_TAGS).html_safe + renderer = FlavoredMarkdown.new(**MARKDOWN_RENDERER_OPTS) + md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) + Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe end def strip_markdown(content) - md = Redcarpet::Markdown.new(Redcarpet::Render::StripDown, MARKDOWN_OPTS) + renderer = Redcarpet::Render::StripDown.new + md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) CGI.unescape_html(Sanitize.fragment(CGI.escape_html(md.render(content)), EVIL_TAGS)).strip end def twitter_markdown(content) - md = Redcarpet::Markdown.new(TwitteredMarkdown, MARKDOWN_OPTS) + renderer = TwitteredMarkdown.new + md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) CGI.unescape_html(Sanitize.fragment(CGI.escape_html(md.render(content)), EVIL_TAGS)).strip end def question_markdown(content) - md = Redcarpet::Markdown.new(QuestionMarkdown.new, MARKDOWN_OPTS) - Sanitize.fragment(md.render(content), EVIL_TAGS).html_safe + renderer = QuestionMarkdown.new + md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) + Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe end def raw_markdown(content) - md = Redcarpet::Markdown.new(Redcarpet::Render::HTML, RAW_MARKDOWN_OPTS) + renderer = Redcarpet::Render::HTML.new(MARKDOWN_RENDERER_OPTS) + md = Redcarpet::Markdown.new(renderer, RAW_MARKDOWN_OPTS) raw md.render content end def get_markdown(path, relative_to = Rails.root) - begin - File.read relative_to.join(path) - rescue Errno::ENOENT - "# Error reading #{relative_to.join(path)}" - end + File.read relative_to.join(path) + rescue Errno::ENOENT + "# Error reading #{relative_to.join(path)}" end def markdown_io(path, relative_to = Rails.root) diff --git a/config/initializers/redcarpet.rb b/config/initializers/redcarpet.rb index aed5e5ff..79c26b1a 100644 --- a/config/initializers/redcarpet.rb +++ b/config/initializers/redcarpet.rb @@ -1,32 +1,37 @@ -require 'redcarpet/render_strip' +# frozen_string_literal: true + +require "redcarpet/render_strip" MARKDOWN_OPTS = { - filter_html: true, - escape_html: true, - no_images: true, - no_styles: true, - safe_links_only: true, - xhtml: false, - hard_wrap: true, - no_intra_emphasis: true, - tables: true, - fenced_code_blocks: true, - autolink: true, - disable_indented_code_blocks: true, - strikethrough: true, - superscript: false -} + no_intra_emphasis: true, + tables: true, + fenced_code_blocks: true, + autolink: true, + disable_indented_code_blocks: true, + strikethrough: true, + superscript: false, +}.freeze + +MARKDOWN_RENDERER_OPTS = { + filter_html: true, + escape_html: true, + no_images: true, + no_styles: true, + safe_links_only: true, + xhtml: false, + hard_wrap: true, +}.freeze RAW_MARKDOWN_OPTS = { - tables: true, - fenced_code_blocks: true, - autolink: true, + tables: true, + fenced_code_blocks: true, + autolink: true, disable_indented_code_blocks: true, - strikethrough: true, - superscript: false -} + strikethrough: true, + superscript: false, +}.freeze ALLOWED_HOSTS_IN_MARKDOWN = [ - APP_CONFIG['hostname'], - *APP_CONFIG['allowed_hosts_in_markdown'] -] \ No newline at end of file + APP_CONFIG["hostname"], + *APP_CONFIG["allowed_hosts_in_markdown"] +].freeze From 062ca6e65aedcd2d2472869fe89c1823643aca36 Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Wed, 15 Feb 2023 23:51:59 +0100 Subject: [PATCH 2/6] Ensure `hard_wrap` renderer option is respected --- app/services/flavored_markdown.rb | 4 ---- spec/helpers/markdown_helper_spec.rb | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/app/services/flavored_markdown.rb b/app/services/flavored_markdown.rb index a6ecde56..26ee6af6 100644 --- a/app/services/flavored_markdown.rb +++ b/app/services/flavored_markdown.rb @@ -18,10 +18,6 @@ class FlavoredMarkdown < Redcarpet::Render::HTML paragraph text end - def paragraph(text) - "

#{text}

" - end - def raw_html(raw_html) Rack::Utils.escape_html raw_html end diff --git a/spec/helpers/markdown_helper_spec.rb b/spec/helpers/markdown_helper_spec.rb index 177b42c7..e5f94884 100644 --- a/spec/helpers/markdown_helper_spec.rb +++ b/spec/helpers/markdown_helper_spec.rb @@ -31,6 +31,10 @@ describe MarkdownHelper, type: :helper do it "should escape HTML tags" do expect(markdown("I'm

a test

")).to eq("

I'm <h1>a test</h1>

") end + + it "should turn line breaks into
tags" do + expect(markdown("Some\ntext")).to eq("

Some
\ntext

") + end end describe "#strip_markdown" do From 998852758006677efb2361eb1488b2e2a9d16fc5 Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Wed, 15 Feb 2023 23:52:10 +0100 Subject: [PATCH 3/6] Hard wrap in question markdown --- app/services/question_markdown.rb | 4 +--- spec/helpers/markdown_helper_spec.rb | 4 ++++ 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/services/question_markdown.rb b/app/services/question_markdown.rb index 6ae585ea..6a251641 100644 --- a/app/services/question_markdown.rb +++ b/app/services/question_markdown.rb @@ -6,9 +6,7 @@ class QuestionMarkdown < Redcarpet::Render::StripDown include Rails.application.routes.url_helpers include SharedMarkers - def paragraph(text) - "

#{text}

" - end + def paragraph(text) = "

#{text.gsub("\n", '
')}

" def link(link, _title, _content) process_link(link) diff --git a/spec/helpers/markdown_helper_spec.rb b/spec/helpers/markdown_helper_spec.rb index e5f94884..b4c22b76 100644 --- a/spec/helpers/markdown_helper_spec.rb +++ b/spec/helpers/markdown_helper_spec.rb @@ -74,6 +74,10 @@ describe MarkdownHelper, type: :helper do it "should not process invalid links" do expect(question_markdown("https://example.com/example.質問")).to eq("

https://example.com/example.質問

") end + + it "should turn line breaks into
tags" do + expect(markdown("Some\ntext")).to eq("

Some
\ntext

") + end end describe "#raw_markdown" do From 7650bae75c8ae67260e3b68fdbae91f28fa24e06 Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Thu, 16 Feb 2023 00:00:04 +0100 Subject: [PATCH 4/6] Appease the dog overlords --- app/helpers/markdown_helper.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/app/helpers/markdown_helper.rb b/app/helpers/markdown_helper.rb index 41c9bb8c..f71b4c8c 100644 --- a/app/helpers/markdown_helper.rb +++ b/app/helpers/markdown_helper.rb @@ -4,7 +4,8 @@ module MarkdownHelper def markdown(content) renderer = FlavoredMarkdown.new(**MARKDOWN_RENDERER_OPTS) md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) - Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe + # As the string has been sanitized we can mark it as HTML safe + Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe # rubocop:disable Rails/OutputSafety end def strip_markdown(content) @@ -22,7 +23,8 @@ module MarkdownHelper def question_markdown(content) renderer = QuestionMarkdown.new md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) - Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe + # As the string has been sanitized we can mark it as HTML safe + Sanitize.fragment(md.render(content), EVIL_TAGS).strip.html_safe # rubocop:disable Rails/OutputSafety end def raw_markdown(content) From f5050971e93acb6169287afee3c30491333469ba Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Sat, 18 Feb 2023 20:19:31 +0100 Subject: [PATCH 5/6] Remove raw markdown options --- app/helpers/markdown_helper.rb | 4 ++-- config/initializers/redcarpet.rb | 9 --------- 2 files changed, 2 insertions(+), 11 deletions(-) diff --git a/app/helpers/markdown_helper.rb b/app/helpers/markdown_helper.rb index f71b4c8c..ef634209 100644 --- a/app/helpers/markdown_helper.rb +++ b/app/helpers/markdown_helper.rb @@ -28,8 +28,8 @@ module MarkdownHelper end def raw_markdown(content) - renderer = Redcarpet::Render::HTML.new(MARKDOWN_RENDERER_OPTS) - md = Redcarpet::Markdown.new(renderer, RAW_MARKDOWN_OPTS) + renderer = Redcarpet::Render::HTML.new(**MARKDOWN_RENDERER_OPTS) + md = Redcarpet::Markdown.new(renderer, **MARKDOWN_OPTS) raw md.render content end diff --git a/config/initializers/redcarpet.rb b/config/initializers/redcarpet.rb index 79c26b1a..484a8b18 100644 --- a/config/initializers/redcarpet.rb +++ b/config/initializers/redcarpet.rb @@ -22,15 +22,6 @@ MARKDOWN_RENDERER_OPTS = { hard_wrap: true, }.freeze -RAW_MARKDOWN_OPTS = { - tables: true, - fenced_code_blocks: true, - autolink: true, - disable_indented_code_blocks: true, - strikethrough: true, - superscript: false, -}.freeze - ALLOWED_HOSTS_IN_MARKDOWN = [ APP_CONFIG["hostname"], *APP_CONFIG["allowed_hosts_in_markdown"] From ef828462e14b52545eeecda85ec3d1a8b613c9e1 Mon Sep 17 00:00:00 2001 From: Karina Kwiatek Date: Sat, 18 Feb 2023 20:21:28 +0100 Subject: [PATCH 6/6] Remove line about creating paragraphs in formatting help This is now not needed as line breaks are kept during render --- config/locales/views.en.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/config/locales/views.en.yml b/config/locales/views.en.yml index 351e2c03..d16c9ce5 100644 --- a/config/locales/views.en.yml +++ b/config/locales/views.en.yml @@ -567,7 +567,6 @@ en: formatting: body_html: |

%{app_name} uses Markdown for formatting

-

A blank line starts a new paragraph

*italic text* for italic text

**bold text** for bold text

[link](https://example.com) for link