Merge branch 'master' into reference-pipeline-and-caching

author: Douwe Maan <douwe@gitlab.com> 2015-11-19 17:46:04 +0300
committer: Douwe Maan <douwe@gitlab.com> 2015-11-19 17:46:04 +0300
commit: f5a630111fb1499a1541e77040529f74ca6475ec (patch)
tree: c3c82cd23d7bdcbfe4ec38d12be4572a6e8653ee /lib/gitlab/markdown
parent: 28af56dea5a88ffcaceb082cf67c9c1ab021609d (diff)
parent: c8074b6b115c95c68d5f7df300a391b4eab521d5 (diff)
7 files changed, 148 insertions, 173 deletions
diff --git a/lib/gitlab/markdown/abstract_reference_filter.rb b/lib/gitlab/markdown/abstract_reference_filter.rb
new file mode 100644
index 00000000000..fd5b7eb9332
--- /dev/null
+++ b/lib/gitlab/markdown/abstract_reference_filter.rb
@@ -0,0 +1,100 @@
+require 'gitlab/markdown'
+
+module Gitlab
+  module Markdown
+    # Issues, Snippets and Merge Requests shares similar functionality in refernce filtering.
+    # All this functionality moved to this class
+    class AbstractReferenceFilter < ReferenceFilter
+      include CrossProjectReference
+
+      def self.object_class
+        # Implement in child class
+        # Example: MergeRequest
+      end
+
+      def self.object_name
+        object_class.name.underscore
+      end
+
+      def self.object_sym
+        object_name.to_sym
+      end
+
+      def self.data_reference
+        "data-#{object_name.dasherize}"
+      end
+
+      # Public: Find references in text (like `!123` for merge requests)
+      #
+      #   AnyReferenceFilter.references_in(text) do |match, object|
+      #     "<a href=...>PREFIX#{object}</a>"
+      #   end
+      #
+      # PREFIX - symbol that detects reference (like ! for merge requests)
+      # object - reference object (snippet, merget request etc)
+      # text - String text to search.
+      #
+      # Yields the String match, the Integer referenced object ID, and an optional String
+      # of the external project reference.
+      #
+      # Returns a String replaced with the return of the block.
+      def self.references_in(text)
+        text.gsub(object_class.reference_pattern) do |match|
+          yield match, $~[object_sym].to_i, $~[:project]
+        end
+      end
+
+      def self.referenced_by(node)
+        { object_sym => LazyReference.new(object_class, node.attr(data_reference)) }
+      end
+
+      delegate :object_class, :object_sym, :references_in, to: :class
+
+      def find_object(project, id)
+        # Implement in child class
+        # Example: project.merge_requests.find
+      end
+
+      def url_for_object(object, project)
+        # Implement in child class
+        # Example: project_merge_request_url
+      end
+
+      def call
+        replace_text_nodes_matching(object_class.reference_pattern) do |content|
+          object_link_filter(content)
+        end
+      end
+
+      # Replace references (like `!123` for merge requests) in text with links
+      # to the referenced object's details page.
+      #
+      # text - String text to replace references in.
+      #
+      # Returns a String with references replaced with links. All links
+      # have `gfm` and `gfm-OBJECT_NAME` class names attached for styling.
+      def object_link_filter(text)
+        references_in(text) do |match, id, project_ref|
+          project = project_from_ref(project_ref)
+
+          if project && object = find_object(project, id)
+            title = escape_once("#{object_title}: #{object.title}")
+            klass = reference_class(object_sym)
+            data  = data_attribute(project: project.id, object_sym => object.id)
+            url = url_for_object(object, project)
+
+            %(<a href="#{url}" #{data}
+                 title="#{title}"
+                 class="#{klass}">#{match}</a>)
+          else
+            match
+          end
+        end
+      end
+
+      def object_title
+        object_class.name.titleize
+      end
+    end
+  end
+end
diff --git a/lib/gitlab/markdown/issue_reference_filter.rb b/lib/gitlab/markdown/issue_reference_filter.rb
index 481d282f7b1..1ed69e2f431 100644
--- a/lib/gitlab/markdown/issue_reference_filter.rb
+++ b/lib/gitlab/markdown/issue_reference_filter.rb
@@ -6,66 +6,17 @@ module Gitlab
     # issues that do not exist are ignored.
     #
     # This filter supports cross-project references.
-    class IssueReferenceFilter < ReferenceFilter
-      include CrossProjectReference
-
-      # Public: Find `#123` issue references in text
-      #
-      #   IssueReferenceFilter.references_in(text) do |match, issue, project_ref|
-      #     "<a href=...>##{issue}</a>"
-      #   end
-      #
-      # text - String text to search.
-      #
-      # Yields the String match, the Integer issue ID, and an optional String of
-      # the external project reference.
-      #
-      # Returns a String replaced with the return of the block.
-      def self.references_in(text)
-        text.gsub(Issue.reference_pattern) do |match|
-          yield match, $~[:issue].to_i, $~[:project]
-        end
-      end
-
-      def self.referenced_by(node)
-        { issue: LazyReference.new(Issue, node.attr("data-issue")) }
-      end
-
-      def call
-        replace_text_nodes_matching(Issue.reference_pattern) do |content|
-          issue_link_filter(content)
-        end
+    class IssueReferenceFilter < AbstractReferenceFilter
+      def self.object_class
+        Issue
       end
 
-      # Replace `#123` issue references in text with links to the referenced
-      # issue's details page.
-      #
-      # text - String text to replace references in.
-      #
-      # Returns a String with `#123` references replaced with links. All links
-      # have `gfm` and `gfm-issue` class names attached for styling.
-      def issue_link_filter(text)
-        self.class.references_in(text) do |match, id, project_ref|
-          project = self.project_from_ref(project_ref)
-
-          if project && issue = project.get_issue(id)
-            url = url_for_issue(id, project, only_path: context[:only_path])
-
-            title = escape_once("Issue: #{issue.title}")
-            klass = reference_class(:issue)
-            data  = data_attribute(project: project.id, issue: issue.id)
-
-            %(<a href="#{url}" #{data}
-                 title="#{title}"
-                 class="#{klass}">#{match}</a>)
-          else
-            match
-          end
-        end
+      def find_object(project, id)
+        project.get_issue(id)
       end
 
-      def url_for_issue(*args)
-        IssuesHelper.url_for_issue(*args)
+      def url_for_object(issue, project)
+        IssuesHelper.url_for_issue(issue.iid, project, only_path: context[:only_path])
       end
     end
   end
diff --git a/lib/gitlab/markdown/merge_request_reference_filter.rb b/lib/gitlab/markdown/merge_request_reference_filter.rb
index 5bc63269808..1f47f03c94e 100644
--- a/lib/gitlab/markdown/merge_request_reference_filter.rb
+++ b/lib/gitlab/markdown/merge_request_reference_filter.rb
@@ -6,65 +6,16 @@ module Gitlab
     # to merge requests that do not exist are ignored.
     #
     # This filter supports cross-project references.
-    class MergeRequestReferenceFilter < ReferenceFilter
-      include CrossProjectReference
-
-      # Public: Find `!123` merge request references in text
-      #
-      #   MergeRequestReferenceFilter.references_in(text) do |match, merge_request, project_ref|
-      #     "<a href=...>##{merge_request}</a>"
-      #   end
-      #
-      # text - String text to search.
-      #
-      # Yields the String match, the Integer merge request ID, and an optional
-      # String of the external project reference.
-      #
-      # Returns a String replaced with the return of the block.
-      def self.references_in(text)
-        text.gsub(MergeRequest.reference_pattern) do |match|
-          yield match, $~[:merge_request].to_i, $~[:project]
-        end
-      end
-
-      def self.referenced_by(node)
-        { merge_request: LazyReference.new(MergeRequest, node.attr("data-merge-request")) }
-      end
-
-      def call
-        replace_text_nodes_matching(MergeRequest.reference_pattern) do |content|
-          merge_request_link_filter(content)
-        end
+    class MergeRequestReferenceFilter < AbstractReferenceFilter
+      def self.object_class
+        MergeRequest
       end
 
-      # Replace `!123` merge request references in text with links to the
-      # referenced merge request's details page.
-      #
-      # text - String text to replace references in.
-      #
-      # Returns a String with `!123` references replaced with links. All links
-      # have `gfm` and `gfm-merge_request` class names attached for styling.
-      def merge_request_link_filter(text)
-        self.class.references_in(text) do |match, id, project_ref|
-          project = self.project_from_ref(project_ref)
-
-          if project && merge_request = project.merge_requests.find_by(iid: id)
-            title = escape_once("Merge Request: #{merge_request.title}")
-            klass = reference_class(:merge_request)
-            data  = data_attribute(project: project.id, merge_request: merge_request.id)
-
-            url = url_for_merge_request(merge_request, project)
-
-            %(<a href="#{url}" #{data}
-                 title="#{title}"
-                 class="#{klass}">#{match}</a>)
-          else
-            match
-          end
-        end
+      def find_object(project, id)
+        project.merge_requests.find_by(iid: id)
       end
 
-      def url_for_merge_request(mr, project)
+      def url_for_object(mr, project)
         h = Gitlab::Application.routes.url_helpers
         h.namespace_project_merge_request_url(project.namespace, project, mr,
                                             only_path: context[:only_path])
diff --git a/lib/gitlab/markdown/relative_link_filter.rb b/lib/gitlab/markdown/relative_link_filter.rb
index 3e9909d2f33..81f60120fcd 100644
--- a/lib/gitlab/markdown/relative_link_filter.rb
+++ b/lib/gitlab/markdown/relative_link_filter.rb
@@ -51,7 +51,7 @@ module Gitlab
           relative_url_root,
           context[:project].path_with_namespace,
           path_type(file_path),
-          ref || 'master',  # assume that if no ref exists we can point to master
+          ref || context[:project].default_branch,  # if no ref exists, point to the default branch
           file_path
         ].compact.join('/').squeeze('/').chomp('/')
 
diff --git a/lib/gitlab/markdown/sanitization_filter.rb b/lib/gitlab/markdown/sanitization_filter.rb
index 550dfafca85..cf153f30622 100644
--- a/lib/gitlab/markdown/sanitization_filter.rb
+++ b/lib/gitlab/markdown/sanitization_filter.rb
@@ -44,6 +44,12 @@ module Gitlab
         # Allow span elements
         whitelist[:elements].push('span')
 
+        # Allow any protocol in `a` elements...
+        whitelist[:protocols].delete('a')
+
+        # ...but then remove links with the `javascript` protocol
+        whitelist[:transformers].push(remove_javascript_links)
+
         # Remove `rel` attribute from `a` elements
         whitelist[:transformers].push(remove_rel)
 
@@ -53,6 +59,19 @@ module Gitlab
         whitelist
       end
 
+      def remove_javascript_links
+        lambda do |env|
+          node = env[:node]
+
+          return unless node.name == 'a'
+          return unless node.has_attribute?('href')
+
+          if node['href'].start_with?('javascript', ':javascript')
+            node.remove_attribute('href')
+          end
+        end
+      end
+
       def remove_rel
         lambda do |env|
           if env[:node_name] == 'a'
diff --git a/lib/gitlab/markdown/snippet_reference_filter.rb b/lib/gitlab/markdown/snippet_reference_filter.rb
index f783f951711..f7bd07c2a34 100644
--- a/lib/gitlab/markdown/snippet_reference_filter.rb
+++ b/lib/gitlab/markdown/snippet_reference_filter.rb
@@ -6,65 +6,16 @@ module Gitlab
     # snippets that do not exist are ignored.
     #
     # This filter supports cross-project references.
-    class SnippetReferenceFilter < ReferenceFilter
-      include CrossProjectReference
-
-      # Public: Find `$123` snippet references in text
-      #
-      #   SnippetReferenceFilter.references_in(text) do |match, snippet|
-      #     "<a href=...>$#{snippet}</a>"
-      #   end
-      #
-      # text - String text to search.
-      #
-      # Yields the String match, the Integer snippet ID, and an optional String
-      # of the external project reference.
-      #
-      # Returns a String replaced with the return of the block.
-      def self.references_in(text)
-        text.gsub(Snippet.reference_pattern) do |match|
-          yield match, $~[:snippet].to_i, $~[:project]
-        end
-      end
-
-      def self.referenced_by(node)
-        { snippet: LazyReference.new(Snippet, node.attr("data-snippet")) }
-      end
-
-      def call
-        replace_text_nodes_matching(Snippet.reference_pattern) do |content|
-          snippet_link_filter(content)
-        end
+    class SnippetReferenceFilter < AbstractReferenceFilter
+      def self.object_class
+        Snippet
       end
 
-      # Replace `$123` snippet references in text with links to the referenced
-      # snippets's details page.
-      #
-      # text - String text to replace references in.
-      #
-      # Returns a String with `$123` references replaced with links. All links
-      # have `gfm` and `gfm-snippet` class names attached for styling.
-      def snippet_link_filter(text)
-        self.class.references_in(text) do |match, id, project_ref|
-          project = self.project_from_ref(project_ref)
-
-          if project && snippet = project.snippets.find_by(id: id)
-            title = escape_once("Snippet: #{snippet.title}")
-            klass = reference_class(:snippet)
-            data  = data_attribute(project: project.id, snippet: snippet.id)
-
-            url = url_for_snippet(snippet, project)
-
-            %(<a href="#{url}" #{data}
-                 title="#{title}"
-                 class="#{klass}">#{match}</a>)
-          else
-            match
-          end
-        end
+      def find_object(project, id)
+        project.snippets.find_by(id: id)
       end
 
-      def url_for_snippet(snippet, project)
+      def url_for_object(snippet, project)
         h = Gitlab::Application.routes.url_helpers
         h.namespace_project_snippet_url(project.namespace, project, snippet,
                                         only_path: context[:only_path])
diff --git a/lib/gitlab/markdown/user_reference_filter.rb b/lib/gitlab/markdown/user_reference_filter.rb
index 2a594e1662e..ab5e1f6fe9e 100644
--- a/lib/gitlab/markdown/user_reference_filter.rb
+++ b/lib/gitlab/markdown/user_reference_filter.rb
@@ -85,13 +85,12 @@ module Gitlab
 
       def link_to_all
         project = context[:project]
-
         url = urls.namespace_project_url(project.namespace, project,
                                          only_path: context[:only_path])
         data = data_attribute(project: project.id)
-
         text = User.reference_prefix + 'all'
-        %(<a href="#{url}" #{data} class="#{link_class}">#{text}</a>)
+
+        link_tag(url, data, text)
       end
 
       def link_to_namespace(namespace)
@@ -105,16 +104,20 @@ module Gitlab
       def link_to_group(group, namespace)
         url = urls.group_url(group, only_path: context[:only_path])
         data = data_attribute(group: namespace.id)
-
         text = Group.reference_prefix + group
-        %(<a href="#{url}" #{data} class="#{link_class}">#{text}</a>)
+
+        link_tag(url, data, text)
       end
 
       def link_to_user(user, namespace)
         url = urls.user_url(user, only_path: context[:only_path])
         data = data_attribute(user: namespace.owner_id)
-
         text = User.reference_prefix + user
+
+        link_tag(url, data, text)
+      end
+
+      def link_tag(url, data, text)
         %(<a href="#{url}" #{data} class="#{link_class}">#{text}</a>)
       end
     end
author	Douwe Maan <douwe@gitlab.com>	2015-11-19 17:46:04 +0300
committer	Douwe Maan <douwe@gitlab.com>	2015-11-19 17:46:04 +0300
commit	f5a630111fb1499a1541e77040529f74ca6475ec (patch)
tree	c3c82cd23d7bdcbfe4ec38d12be4572a6e8653ee /lib/gitlab/markdown
parent	28af56dea5a88ffcaceb082cf67c9c1ab021609d (diff)
parent	c8074b6b115c95c68d5f7df300a391b4eab521d5 (diff)