Banzai::Filter::UploadLinkFilter use XPath
This commit is contained in:
parent
1b43f51ad0
commit
46696bde83
|
@ -118,6 +118,7 @@ v 8.8.5
|
||||||
- Prevent unauthorized access for projects build traces
|
- Prevent unauthorized access for projects build traces
|
||||||
- Forbid scripting for wiki files
|
- Forbid scripting for wiki files
|
||||||
- Only show notes through JSON on confidential issues that the user has access to
|
- Only show notes through JSON on confidential issues that the user has access to
|
||||||
|
- Banzai::Filter::UploadLinkFilter use XPath instead CSS expressions
|
||||||
|
|
||||||
v 8.8.4
|
v 8.8.4
|
||||||
- Fix LDAP-based login for users with 2FA enabled. !4493
|
- Fix LDAP-based login for users with 2FA enabled. !4493
|
||||||
|
|
|
@ -10,11 +10,11 @@ module Banzai
|
||||||
def call
|
def call
|
||||||
return doc unless project
|
return doc unless project
|
||||||
|
|
||||||
doc.search('a').each do |el|
|
doc.xpath('descendant-or-self::a[starts-with(@href, "/uploads/")]').each do |el|
|
||||||
process_link_attr el.attribute('href')
|
process_link_attr el.attribute('href')
|
||||||
end
|
end
|
||||||
|
|
||||||
doc.search('img').each do |el|
|
doc.xpath('descendant-or-self::img[starts-with(@src, "/uploads/")]').each do |el|
|
||||||
process_link_attr el.attribute('src')
|
process_link_attr el.attribute('src')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -24,12 +24,7 @@ module Banzai
|
||||||
protected
|
protected
|
||||||
|
|
||||||
def process_link_attr(html_attr)
|
def process_link_attr(html_attr)
|
||||||
return if html_attr.blank?
|
html_attr.value = build_url(html_attr.value).to_s
|
||||||
|
|
||||||
uri = html_attr.value
|
|
||||||
if uri.starts_with?("/uploads/")
|
|
||||||
html_attr.value = build_url(uri).to_s
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def build_url(uri)
|
def build_url(uri)
|
||||||
|
|
|
@ -23,6 +23,14 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
|
||||||
%(<a href="#{path}">#{path}</a>)
|
%(<a href="#{path}">#{path}</a>)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def nested_image(path)
|
||||||
|
%(<div><img src="#{path}" /></div>)
|
||||||
|
end
|
||||||
|
|
||||||
|
def nested_link(path)
|
||||||
|
%(<div><a href="#{path}">#{path}</a></div>)
|
||||||
|
end
|
||||||
|
|
||||||
let(:project) { create(:project) }
|
let(:project) { create(:project) }
|
||||||
|
|
||||||
shared_examples :preserve_unchanged do
|
shared_examples :preserve_unchanged do
|
||||||
|
@ -47,11 +55,19 @@ describe Banzai::Filter::UploadLinkFilter, lib: true do
|
||||||
doc = filter(link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
doc = filter(link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
||||||
expect(doc.at_css('a')['href']).
|
expect(doc.at_css('a')['href']).
|
||||||
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
||||||
|
|
||||||
|
doc = filter(nested_link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
||||||
|
expect(doc.at_css('a')['href']).
|
||||||
|
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'rebuilds relative URL for an image' do
|
it 'rebuilds relative URL for an image' do
|
||||||
doc = filter(link('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
doc = filter(image('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
||||||
expect(doc.at_css('a')['href']).
|
expect(doc.at_css('img')['src']).
|
||||||
|
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
||||||
|
|
||||||
|
doc = filter(nested_image('/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg'))
|
||||||
|
expect(doc.at_css('img')['src']).
|
||||||
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
to eq "#{Gitlab.config.gitlab.url}/#{project.path_with_namespace}/uploads/e90decf88d8f96fe9e1389afc2e4a91f/test.jpg"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue