Keep link when redacting unauthorized object links
This commit is contained in:
parent
565e4ee5a6
commit
ffb107ac7d
4 changed files with 45 additions and 10 deletions
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Keep link when redacting unauthorized object links
|
||||
merge_request:
|
||||
author:
|
||||
type: fixed
|
|
@ -174,7 +174,9 @@ module Banzai
|
|||
title = object_link_title(object)
|
||||
klass = reference_class(object_sym)
|
||||
|
||||
data = data_attributes_for(link_content || match, parent, object, link: !!link_content)
|
||||
data = data_attributes_for(link_content || match, parent, object,
|
||||
link_content: !!link_content,
|
||||
link_reference: link_reference)
|
||||
|
||||
url =
|
||||
if matches.names.include?("url") && matches[:url]
|
||||
|
@ -194,12 +196,13 @@ module Banzai
|
|||
end
|
||||
end
|
||||
|
||||
def data_attributes_for(text, project, object, link: false)
|
||||
def data_attributes_for(text, project, object, link_content: false, link_reference: false)
|
||||
data_attribute(
|
||||
original: text,
|
||||
link: link,
|
||||
project: project.id,
|
||||
object_sym => object.id
|
||||
original: text,
|
||||
link: link_content,
|
||||
link_reference: link_reference,
|
||||
project: project.id,
|
||||
object_sym => object.id
|
||||
)
|
||||
end
|
||||
|
||||
|
|
|
@ -42,16 +42,33 @@ module Banzai
|
|||
next if visible.include?(node)
|
||||
|
||||
doc_data[:visible_reference_count] -= 1
|
||||
# The reference should be replaced by the original link's content,
|
||||
# which is not always the same as the rendered one.
|
||||
content = node.attr('data-original') || node.inner_html
|
||||
node.replace(content)
|
||||
redacted_content = redacted_node_content(node)
|
||||
node.replace(redacted_content)
|
||||
end
|
||||
end
|
||||
|
||||
metadata
|
||||
end
|
||||
|
||||
# Return redacted content of given node as either the original link (<a> tag),
|
||||
# the original content (text), or the inner HTML of the node.
|
||||
#
|
||||
def redacted_node_content(node)
|
||||
original_content = node.attr('data-original')
|
||||
link_reference = node.attr('data-link-reference')
|
||||
|
||||
# Build the raw <a> tag just with a link as href and content if
|
||||
# it's originally a link pattern. We shouldn't return a plain text href.
|
||||
original_link =
|
||||
if link_reference == 'true' && href = original_content
|
||||
%(<a href="#{href}">#{href}</a>)
|
||||
end
|
||||
|
||||
# The reference should be replaced by the original link's content,
|
||||
# which is not always the same as the rendered one.
|
||||
original_link || original_content || node.inner_html
|
||||
end
|
||||
|
||||
def redact_cross_project_references(documents)
|
||||
extractor = Banzai::IssuableExtractor.new(project, user)
|
||||
issuables = extractor.extract(documents)
|
||||
|
|
|
@ -40,6 +40,16 @@ describe Banzai::Redactor do
|
|||
expect(doc.to_html).to eq(original_content)
|
||||
end
|
||||
end
|
||||
|
||||
it 'returns <a> tag with original href if it is originally a link reference' do
|
||||
href = 'http://localhost:3000'
|
||||
doc = Nokogiri::HTML
|
||||
.fragment("<a class='gfm' data-reference-type='issue' data-original=#{href} data-link-reference='true'>#{href}</a>")
|
||||
|
||||
redactor.redact([doc])
|
||||
|
||||
expect(doc.to_html).to eq('<a href="http://localhost:3000">http://localhost:3000</a>')
|
||||
end
|
||||
end
|
||||
|
||||
context 'when project is in pending delete' do
|
||||
|
|
Loading…
Reference in a new issue