Merge pull request #1696 from hennevogel/bugfix/1233503

Sanitize markdown output
SUSE · Nov 20, 2024 · 8d2b6bd · 8d2b6bd
2 parents 8be6250 + 89d308c
commit 8d2b6bd
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 9 deletions.
diff --git a/app/helpers/markdown_helper.rb b/app/helpers/markdown_helper.rb
@@ -1,9 +1,8 @@
 module MarkdownHelper
-  def mdpreview(markdown_source, lines: 3)
-    markdown_source.lines[0..lines - 1].join
-  end
+  def enrich_markdown(markdown:, lines: nil)
+    # build an excerpt
+    markdown = markdown.lines[0..lines - 1].join if lines
 
-  def enrich_markdown(markdown:)
     # replace :smiley: with a link to github.com emojis
     markdown.gsub!(/(?<=^|\s):([\w+-]+):(?=\s|$)/) do |match|
       %(![add-emoji](https://github.githubassets.com/images/icons/emoji/#{match.to_str.tr(':', '')}.png))
@@ -17,6 +16,6 @@ def enrich_markdown(markdown:)
       "#{Regexp.last_match(1)}[hw##{Regexp.last_match(2)}](#{::Rails.application.routes.url_helpers(only_path: true).project_path(Regexp.last_match(2))})#{Regexp.last_match(3)}"
     end
 
-    markdown
+    sanitize(markdown)
   end
 end
diff --git a/app/views/about/index.html.haml b/app/views/about/index.html.haml
@@ -81,7 +81,7 @@
             = project.title
         .md-preview
           :markdown
-            #{mdpreview(project.description, lines: 2)}
+            #{enrich_markdown(markdown: project.description, lines: 2)}
 
   .row
     .col-sm-12

diff --git a/app/views/projects/_list_item.html.haml b/app/views/projects/_list_item.html.haml
@@ -13,7 +13,7 @@
       = render :partial => "projects/like_button", :locals => {:project => project }
 .md-preview
   :markdown
-    #{mdpreview(project.description, lines: 2)}
+    #{enrich_markdown(markdown: project.description, lines: 2)}
 - unless project.users.empty?
   .well.well-sm
     - project.users.each do |user|

diff --git a/app/views/projects/_similar_projects.html.haml b/app/views/projects/_similar_projects.html.haml
@@ -16,5 +16,5 @@
               = link_to(project.originator.name, user_path(project.originator))
             %p
               :markdown
-                #{truncate(project.description, length: 50)}
+                #{enrich_markdown(markdown: project.description, lines: 50)}
             %hr
diff --git a/app/views/projects/_tile.html.haml b/app/views/projects/_tile.html.haml
@@ -6,7 +6,7 @@
         = render :partial => "projects/like_button", :locals => {:project => project }
   .panel-body
     :markdown
-      #{truncate(project.description, length: 140)}
+      #{enrich_markdown(markdown: project.description, lines: 140)}
     .user-list{:style=>"padding-top: 10px;"}
       - if project.users.empty?
         .alert.alert-warning