Disable RedCarpet's escape_html
option
This option defaults to true in RedCarpet 3.2.0, but we handle sanitization later in the process with html-pipeline. Closes #2211
This commit is contained in:
parent
b142d449c6
commit
13313d9e31
1 changed files with 21 additions and 17 deletions
|
@ -31,15 +31,17 @@ module GitlabMarkdownHelper
|
|||
def markdown(text, options={})
|
||||
unless @markdown && options == @options
|
||||
@options = options
|
||||
gitlab_renderer = Redcarpet::Render::GitlabHTML.new(self,
|
||||
user_color_scheme_class,
|
||||
{
|
||||
# see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch-
|
||||
|
||||
# see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch
|
||||
rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, {
|
||||
with_toc_data: true,
|
||||
safe_links_only: true
|
||||
safe_links_only: true,
|
||||
# Handled further down the line by HTML::Pipeline::SanitizationFilter
|
||||
escape_html: false
|
||||
}.merge(options))
|
||||
@markdown = Redcarpet::Markdown.new(gitlab_renderer,
|
||||
|
||||
# see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
|
||||
@markdown = Redcarpet::Markdown.new(rend,
|
||||
no_intra_emphasis: true,
|
||||
tables: true,
|
||||
fenced_code_blocks: true,
|
||||
|
@ -47,8 +49,10 @@ module GitlabMarkdownHelper
|
|||
strikethrough: true,
|
||||
lax_spacing: true,
|
||||
space_after_headers: true,
|
||||
superscript: true)
|
||||
superscript: true
|
||||
)
|
||||
end
|
||||
|
||||
@markdown.render(text).html_safe
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue