diff --git a/app/helpers/gitlab_markdown_helper.rb b/app/helpers/gitlab_markdown_helper.rb index 7ca3f058636..17266656a4e 100644 --- a/app/helpers/gitlab_markdown_helper.rb +++ b/app/helpers/gitlab_markdown_helper.rb @@ -31,24 +31,28 @@ module GitlabMarkdownHelper def markdown(text, options={}) unless @markdown && options == @options @options = options - gitlab_renderer = Redcarpet::Render::GitlabHTML.new(self, - user_color_scheme_class, - { - # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch- - with_toc_data: true, - safe_links_only: true - }.merge(options)) - @markdown = Redcarpet::Markdown.new(gitlab_renderer, - # see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use - no_intra_emphasis: true, - tables: true, - fenced_code_blocks: true, - autolink: true, - strikethrough: true, - lax_spacing: true, - space_after_headers: true, - superscript: true) + + # see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch + rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, { + with_toc_data: true, + safe_links_only: true, + # Handled further down the line by HTML::Pipeline::SanitizationFilter + escape_html: false + }.merge(options)) + + # see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use + @markdown = Redcarpet::Markdown.new(rend, + no_intra_emphasis: true, + tables: true, + fenced_code_blocks: true, + autolink: true, + strikethrough: true, + lax_spacing: true, + space_after_headers: true, + superscript: true + ) end + @markdown.render(text).html_safe end