Add latest changes from gitlab-org/gitlab@15-6-stable-eev15.6.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-17 14:33:21 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-11-17 14:33:21 +0300
commit: 7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch)
tree: 5bdc2229f5198d516781f8d24eace62fc7e589e9 /spec/lib/banzai
parent: 185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff)
16 files changed, 123 insertions, 48 deletions
diff --git a/spec/lib/banzai/filter/autolink_filter_spec.rb b/spec/lib/banzai/filter/autolink_filter_spec.rb
index ba15860f3c9..75108130602 100644
--- a/spec/lib/banzai/filter/autolink_filter_spec.rb
+++ b/spec/lib/banzai/filter/autolink_filter_spec.rb
@@ -195,7 +195,7 @@ RSpec.describe Banzai::Filter::AutolinkFilter do
     it 'escapes RTLO and other characters' do
       # rendered text looks like "http://example.com/evilexe.mp3"
       evil_link = "#{link}evil\u202E3pm.exe"
-      doc = filter("#{evil_link}")
+      doc = filter(evil_link.to_s)
 
       expect(doc.at_css('a')['href']).to eq "http://about.gitlab.com/evil%E2%80%AE3pm.exe"
     end
diff --git a/spec/lib/banzai/filter/issuable_reference_expansion_filter_spec.rb b/spec/lib/banzai/filter/issuable_reference_expansion_filter_spec.rb
index ef23725c790..a11fe203541 100644
--- a/spec/lib/banzai/filter/issuable_reference_expansion_filter_spec.rb
+++ b/spec/lib/banzai/filter/issuable_reference_expansion_filter_spec.rb
@@ -91,7 +91,7 @@ RSpec.describe Banzai::Filter::IssuableReferenceExpansionFilter do
     link = create_link(closed_issue.to_reference(other_project), issue: closed_issue.id, reference_type: 'issue')
     doc = filter(link, context.merge(project: other_project))
 
-    expect(doc.css('a').last.text).to eq("#{closed_issue.to_reference(other_project)}")
+    expect(doc.css('a').last.text).to eq(closed_issue.to_reference(other_project).to_s)
   end
 
   it 'does not append state when filter is not enabled' do
diff --git a/spec/lib/banzai/filter/math_filter_spec.rb b/spec/lib/banzai/filter/math_filter_spec.rb
index dd116eb1109..c5d2bcd5363 100644
--- a/spec/lib/banzai/filter/math_filter_spec.rb
+++ b/spec/lib/banzai/filter/math_filter_spec.rb
@@ -97,7 +97,8 @@ RSpec.describe Banzai::Filter::MathFilter do
   describe 'block display math using $$\n...\n$$ syntax' do
     context 'with valid syntax' do
       where(:text, :result_template) do
-        "$$\n2+2\n$$" | "<math>2+2</math>"
+        "$$\n2+2\n$$"      | "<math>2+2</math>"
+        "$$\n2+2\n3+4\n$$" | "<math>2+2\n3+4</math>"
       end
 
       with_them do
@@ -110,35 +111,35 @@ RSpec.describe Banzai::Filter::MathFilter do
 
   describe 'display math using ```math...``` syntax' do
     it 'adds data-math-style display attribute to display math' do
-      doc = filter('<pre class="code highlight js-syntax-highlight language-math" v-pre="true"><code>2+2</code></pre>')
+      doc = filter('<pre lang="math"><code>2+2</code></pre>')
       pre = doc.xpath('descendant-or-self::pre').first
 
       expect(pre['data-math-style']).to eq 'display'
     end
 
     it 'adds js-render-math class to display math' do
-      doc = filter('<pre class="code highlight js-syntax-highlight language-math" v-pre="true"><code>2+2</code></pre>')
+      doc = filter('<pre lang="math"><code>2+2</code></pre>')
       pre = doc.xpath('descendant-or-self::pre').first
 
       expect(pre[:class]).to include("js-render-math")
     end
 
     it 'ignores code blocks that are not math' do
-      input = '<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true"><code>2+2</code></pre>'
+      input = '<pre lang="plaintext"><code>2+2</code></pre>'
       doc = filter(input)
 
       expect(doc.to_s).to eq input
     end
 
     it 'requires the pre to contain both code and math' do
-      input = '<pre class="highlight js-syntax-highlight language-plaintext language-math" v-pre="true"><code>2+2</code></pre>'
+      input = '<pre lang="math">something</pre>'
       doc = filter(input)
 
       expect(doc.to_s).to eq input
     end
 
     it 'dollar signs around to display math' do
-      doc = filter('$<pre class="code highlight js-syntax-highlight language-math" v-pre="true"><code>2+2</code></pre>$')
+      doc = filter('$<pre lang="math"><code>2+2</code></pre>$')
       before = doc.xpath('descendant-or-self::text()[1]').first
       after = doc.xpath('descendant-or-self::text()[3]').first
 
diff --git a/spec/lib/banzai/filter/references/alert_reference_filter_spec.rb b/spec/lib/banzai/filter/references/alert_reference_filter_spec.rb
index cba41166be4..c1fdee48f12 100644
--- a/spec/lib/banzai/filter/references/alert_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/alert_reference_filter_spec.rb
@@ -229,7 +229,7 @@ RSpec.describe Banzai::Filter::References::AlertReferenceFilter do
     let(:alert2_reference) { alert2.to_reference(full: true) }
 
     it 'does not have N+1 per multiple references per project', :use_sql_query_cache do
-      markdown = "#{alert_reference}"
+      markdown = alert_reference.to_s
       max_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
         reference_filter(markdown)
       end.count
diff --git a/spec/lib/banzai/filter/references/commit_reference_filter_spec.rb b/spec/lib/banzai/filter/references/commit_reference_filter_spec.rb
index 6bcea41a603..c368a852ea9 100644
--- a/spec/lib/banzai/filter/references/commit_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/commit_reference_filter_spec.rb
@@ -282,7 +282,7 @@ RSpec.describe Banzai::Filter::References::CommitReferenceFilter do
     let(:commit3_reference) { commit3.to_reference(full: true) }
 
     it 'does not have N+1 per multiple references per project', :use_sql_query_cache do
-      markdown = "#{commit_reference}"
+      markdown = commit_reference.to_s
       max_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
         reference_filter(markdown)
       end.count
diff --git a/spec/lib/banzai/filter/references/issue_reference_filter_spec.rb b/spec/lib/banzai/filter/references/issue_reference_filter_spec.rb
index d17deaa4736..32538948b4b 100644
--- a/spec/lib/banzai/filter/references/issue_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/issue_reference_filter_spec.rb
@@ -392,7 +392,7 @@ RSpec.describe Banzai::Filter::References::IssueReferenceFilter do
 
   context 'cross-project URL in link href' do
     let(:reference_link) { %{<a href="#{reference}">Reference</a>} }
-    let(:reference) { "#{issue_url + "#note_123"}" }
+    let(:reference) { (issue_url + "#note_123").to_s }
     let(:issue)     { create(:issue, project: project2) }
     let(:project2)  { create(:project, :public, namespace: namespace) }
     let(:namespace) { create(:namespace, name: 'cross-reference') }
@@ -497,7 +497,7 @@ RSpec.describe Banzai::Filter::References::IssueReferenceFilter do
     end
 
     it 'links to a valid reference for cross-reference in link href' do
-      reference = "#{issue_url + "#note_123"}"
+      reference = (issue_url + "#note_123").to_s
       reference_link = %{<a href="#{reference}">Reference</a>}
 
       doc = reference_filter("See #{reference_link}", context)
diff --git a/spec/lib/banzai/filter/references/label_reference_filter_spec.rb b/spec/lib/banzai/filter/references/label_reference_filter_spec.rb
index 12cdb5cfb95..d5b9c71b861 100644
--- a/spec/lib/banzai/filter/references/label_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/label_reference_filter_spec.rb
@@ -715,13 +715,13 @@ RSpec.describe Banzai::Filter::References::LabelReferenceFilter do
     let_it_be(:project_label2)     { create(:label, project: project) }
     let_it_be(:project2_label)     { create(:label, project: project2) }
     let_it_be(:group2_label)       { create(:group_label, group: group2, color: '#00ff00') }
-    let_it_be(:project_reference)  { "#{project_label.to_reference}" }
-    let_it_be(:project_reference2) { "#{project_label2.to_reference}" }
-    let_it_be(:project2_reference) { "#{project2_label.to_reference}" }
+    let_it_be(:project_reference)  { project_label.to_reference.to_s }
+    let_it_be(:project_reference2) { project_label2.to_reference.to_s }
+    let_it_be(:project2_reference) { project2_label.to_reference.to_s }
     let_it_be(:group2_reference)   { "#{project2.full_path}~#{group2_label.name}" }
 
     it 'does not have N+1 per multiple references per project', :use_sql_query_cache do
-      markdown = "#{project_reference}"
+      markdown = project_reference.to_s
       control_count = 1
 
       expect do
@@ -737,7 +737,7 @@ RSpec.describe Banzai::Filter::References::LabelReferenceFilter do
 
     it 'has N+1 for multiple unique project/group references', :use_sql_query_cache do
       # reference to already loaded project, only one query
-      markdown = "#{project_reference}"
+      markdown = project_reference.to_s
       control_count = 1
 
       expect do
diff --git a/spec/lib/banzai/filter/references/milestone_reference_filter_spec.rb b/spec/lib/banzai/filter/references/milestone_reference_filter_spec.rb
index c21a9339ebb..98090af06b1 100644
--- a/spec/lib/banzai/filter/references/milestone_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/milestone_reference_filter_spec.rb
@@ -490,13 +490,13 @@ RSpec.describe Banzai::Filter::References::MilestoneReferenceFilter do
     let_it_be(:project_milestone2) { create(:milestone, project: project) }
     let_it_be(:project2_milestone) { create(:milestone, project: project2) }
     let_it_be(:group2_milestone)   { create(:milestone, group: group2) }
-    let_it_be(:project_reference)  { "#{project_milestone.to_reference}" }
-    let_it_be(:project_reference2) { "#{project_milestone2.to_reference}" }
-    let_it_be(:project2_reference) { "#{project2_milestone.to_reference(full: true)}" }
+    let_it_be(:project_reference)  { project_milestone.to_reference.to_s }
+    let_it_be(:project_reference2) { project_milestone2.to_reference.to_s }
+    let_it_be(:project2_reference) { project2_milestone.to_reference(full: true).to_s }
     let_it_be(:group2_reference)   { "#{project2.full_path}%\"#{group2_milestone.name}\"" }
 
     it 'does not have N+1 per multiple references per project', :use_sql_query_cache do
-      markdown = "#{project_reference}"
+      markdown = project_reference.to_s
       control_count = 4
 
       expect do
@@ -511,7 +511,7 @@ RSpec.describe Banzai::Filter::References::MilestoneReferenceFilter do
     end
 
     it 'has N+1 for multiple unique project/group references', :use_sql_query_cache do
-      markdown = "#{project_reference}"
+      markdown = project_reference.to_s
       control_count = 4
 
       expect do
diff --git a/spec/lib/banzai/filter/references/project_reference_filter_spec.rb b/spec/lib/banzai/filter/references/project_reference_filter_spec.rb
index d88e262883f..0dd52b45f5d 100644
--- a/spec/lib/banzai/filter/references/project_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/project_reference_filter_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe Banzai::Filter::References::ProjectReferenceFilter do
   include FilterSpecHelper
 
   def invalidate_reference(reference)
-    "#{reference.reverse}"
+    reference.reverse.to_s
   end
 
   def get_reference(project)
@@ -109,7 +109,7 @@ RSpec.describe Banzai::Filter::References::ProjectReferenceFilter do
     let_it_be(:nested_project_reference) { get_reference(nested_project) }
 
     it 'does not have N+1 per multiple project references', :use_sql_query_cache do
-      markdown = "#{normal_project_reference}"
+      markdown = normal_project_reference.to_s
 
       # warm up first
       reference_filter(markdown)
diff --git a/spec/lib/banzai/filter/references/user_reference_filter_spec.rb b/spec/lib/banzai/filter/references/user_reference_filter_spec.rb
index 70cbdb080a4..b153efd9655 100644
--- a/spec/lib/banzai/filter/references/user_reference_filter_spec.rb
+++ b/spec/lib/banzai/filter/references/user_reference_filter_spec.rb
@@ -209,7 +209,7 @@ RSpec.describe Banzai::Filter::References::UserReferenceFilter do
     let(:reference3) { group.to_reference }
 
     it 'does not have N+1 per multiple user references', :use_sql_query_cache do
-      markdown = "#{reference}"
+      markdown = reference.to_s
 
       control_count = ActiveRecord::QueryRecorder.new(skip_cached: false) do
         reference_filter(markdown)
diff --git a/spec/lib/banzai/filter/repository_link_filter_spec.rb b/spec/lib/banzai/filter/repository_link_filter_spec.rb
index c220263b238..4aeb6e2a722 100644
--- a/spec/lib/banzai/filter/repository_link_filter_spec.rb
+++ b/spec/lib/banzai/filter/repository_link_filter_spec.rb
@@ -3,7 +3,6 @@
 require 'spec_helper'
 
 RSpec.describe Banzai::Filter::RepositoryLinkFilter do
-  include GitHelpers
   include RepoHelpers
 
   def filter(doc, contexts = {})
diff --git a/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb b/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
index 33adca0ddfc..a409c15533b 100644
--- a/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
+++ b/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
@@ -23,7 +23,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
     it "highlights as plaintext" do
       result = filter('<pre><code>def fun end</code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" data-canonical-lang="" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">def fun end</span></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">def fun end</span></code></pre><copy-code></copy-code></div>')
     end
 
     include_examples "XSS prevention", ""
@@ -31,9 +31,9 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
 
   context "when contains mermaid diagrams" do
     it "ignores mermaid blocks" do
-      result = filter('<pre data-mermaid-style="display"><code>mermaid code</code></pre>')
+      result = filter('<pre data-mermaid-style="display" lang="mermaid"><code class="js-render-mermaid">mermaid code</code></pre>')
 
-      expect(result.to_html).to eq('<pre data-mermaid-style="display"><code>mermaid code</code></pre>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre data-mermaid-style="display" lang="mermaid" class="code highlight js-syntax-highlight language-mermaid" v-pre="true"><code class="js-render-mermaid"><span id="LC1" class="line" lang="mermaid">mermaid code</span></code></pre><copy-code></copy-code></div>')
     end
   end
 
@@ -45,11 +45,32 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
     end
   end
 
+  # This can happen with the following markdown
+  #
+  # <div>
+  # <pre><code>
+  # something
+  #
+  #     else
+  # </code></pre>
+  # </div>
+  #
+  # The blank line causes markdown to process `    else` as a code block.
+  # Which could lead to an orphaned node being replaced and failing
+  context "when <pre><code> is a child of <pre><code> which is a child of a div " do
+    it "captures all text and doesn't fail trying to replace a node with no parent" do
+      text = "<div>\n<pre><code>\nsomething\n<pre><code>else\n</code></pre></code></pre>\n</div>"
+      result = filter(text)
+
+      expect(result.to_html.delete("\n")).to eq('<div><div class="gl-relative markdown-code-block js-markdown-code"><pre lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true"><code><span id="LC1" class="line" lang="plaintext"></span><span id="LC2" class="line" lang="plaintext">something</span><span id="LC3" class="line" lang="plaintext">else</span></code></pre><copy-code></copy-code></div></div>')
+    end
+  end
+
   context "when a valid language is specified" do
     it "highlights as that language" do
       result = filter('<pre lang="ruby"><code>def fun end</code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-ruby" lang="ruby" v-pre="true"><code><span id="LC1" class="line" lang="ruby"><span class="k">def</span> <span class="nf">fun</span> <span class="k">end</span></span></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="ruby" class="code highlight js-syntax-highlight language-ruby" v-pre="true"><code><span id="LC1" class="line" lang="ruby"><span class="k">def</span> <span class="nf">fun</span> <span class="k">end</span></span></code></pre><copy-code></copy-code></div>')
     end
 
     include_examples "XSS prevention", "ruby"
@@ -59,7 +80,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
     it "highlights as plaintext" do
       result = filter('<pre lang="gnuplot"><code>This is a test</code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" data-canonical-lang="gnuplot" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">This is a test</span></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="gnuplot" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">This is a test</span></code></pre><copy-code></copy-code></div>')
     end
 
     include_examples "XSS prevention", "gnuplot"
@@ -74,7 +95,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
         it "highlights as plaintext but with the correct language attribute and class" do
           result = filter(%{<pre lang="#{lang}"><code>This is a test</code></pre>})
 
-          expect(result.to_html.delete("\n")).to eq(%{<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-#{lang}" lang="#{lang}" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>})
+          expect(result.to_html.delete("\n")).to eq(%{<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="#{lang}" class="code highlight js-syntax-highlight language-#{lang}" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>})
         end
 
         include_examples "XSS prevention", lang
@@ -87,7 +108,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
         it "includes data-lang-params tag with extra information" do
           result = filter(%{<pre lang="#{lang}" data-meta="#{lang_params}"><code>This is a test</code></pre>})
 
-          expect(result.to_html.delete("\n")).to eq(%{<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-#{lang}" lang="#{lang}" #{data_attr}="#{lang_params}" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>})
+          expect(result.to_html.delete("\n")).to eq(%{<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="#{lang}" class="code highlight js-syntax-highlight language-#{lang}" #{data_attr}="#{lang_params}" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>})
         end
 
         include_examples "XSS prevention", lang
@@ -105,7 +126,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
       let(:lang_params) { '-1+10' }
 
       let(:expected_result) do
-        %{<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight language-#{lang}" lang="#{lang}" #{data_attr}="#{lang_params} more-things" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>}
+        %{<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="#{lang}" class="code highlight js-syntax-highlight language-#{lang}" #{data_attr}="#{lang_params} more-things" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre><copy-code></copy-code></div>}
       end
 
       context 'when delimiter is space' do
@@ -130,13 +151,13 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
     it "includes it in the highlighted code block" do
       result = filter('<pre data-sourcepos="1:1-3:3"><code lang="plaintext">This is a test</code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre data-sourcepos="1:1-3:3" class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" data-canonical-lang="" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">This is a test</span></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre data-sourcepos="1:1-3:3" lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true"><code lang="plaintext"><span id="LC1" class="line" lang="plaintext">This is a test</span></code></pre><copy-code></copy-code></div>')
     end
 
     it "escape sourcepos metadata to prevent XSS" do
       result = filter('<pre data-sourcepos="&#34;%22 href=&#34;x&#34;></pre><base href=http://unsafe-website.com/><pre x=&#34;"><code></code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre data-sourcepos=\'"%22 href="x"&gt;&lt;/pre&gt;&lt;base href=http://unsafe-website.com/&gt;&lt;pre x="\' class="code highlight js-syntax-highlight language-plaintext" lang="plaintext" data-canonical-lang="" v-pre="true"><code></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre data-sourcepos=\'"%22 href="x"&gt;&lt;/pre&gt;&lt;base href=http://unsafe-website.com/&gt;&lt;pre x="\' lang="plaintext" class="code highlight js-syntax-highlight language-plaintext" data-canonical-lang="" v-pre="true"><code></code></pre><copy-code></copy-code></div>')
     end
   end
 
@@ -150,7 +171,7 @@ RSpec.describe Banzai::Filter::SyntaxHighlightFilter do
     it "highlights as plaintext" do
       result = filter('<pre lang="ruby"><code>This is a test</code></pre>')
 
-      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre class="code highlight js-syntax-highlight" lang="" data-canonical-lang="ruby" v-pre="true"><code><span id="LC1" class="line" lang="">This is a test</span></code></pre><copy-code></copy-code></div>')
+      expect(result.to_html.delete("\n")).to eq('<div class="gl-relative markdown-code-block js-markdown-code"><pre lang="" class="code highlight js-syntax-highlight" data-canonical-lang="ruby" v-pre="true"><code><span id="LC1" class="line" lang="">This is a test</span></code></pre><copy-code></copy-code></div>')
     end
 
     include_examples "XSS prevention", "ruby"
diff --git a/spec/lib/banzai/reference_parser/base_parser_spec.rb b/spec/lib/banzai/reference_parser/base_parser_spec.rb
index d31ccccd6c3..9e77137795a 100644
--- a/spec/lib/banzai/reference_parser/base_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/base_parser_spec.rb
@@ -63,7 +63,7 @@ RSpec.describe Banzai::ReferenceParser::BaseParser do
 
     context 'when the link does not have a data-project attribute' do
       it 'returns the nodes' do
-        expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
+        expect(subject.nodes_visible_to_user(user, [link])).to match_array([link])
       end
     end
   end
diff --git a/spec/lib/banzai/reference_parser/commit_parser_spec.rb b/spec/lib/banzai/reference_parser/commit_parser_spec.rb
index 31cece108bf..3569a1019f0 100644
--- a/spec/lib/banzai/reference_parser/commit_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/commit_parser_spec.rb
@@ -12,12 +12,30 @@ RSpec.describe Banzai::ReferenceParser::CommitParser do
   let(:link) { empty_html_link }
 
   describe '#nodes_visible_to_user' do
-    context 'when the link has a data-issue attribute' do
+    context 'when the link has a data-project attribute' do
       before do
-        link['data-commit'] = 123
+        link['data-project'] = project.id.to_s
       end
 
       it_behaves_like "referenced feature visibility", "repository"
+
+      it 'includes the link if can_read_reference? returns true' do
+        expect(subject).to receive(:can_read_reference?).with(user, project, link).and_return(true)
+
+        expect(subject.nodes_visible_to_user(user, [link])).to contain_exactly(link)
+      end
+
+      it 'excludes the link if can_read_reference? returns false' do
+        expect(subject).to receive(:can_read_reference?).with(user, project, link).and_return(false)
+
+        expect(subject.nodes_visible_to_user(user, [link])).to be_empty
+      end
+    end
+
+    context 'when the link does not have a data-project attribute' do
+      it 'returns the nodes' do
+        expect(subject.nodes_visible_to_user(user, [link])).to eq([link])
+      end
     end
   end
 
@@ -129,7 +147,7 @@ RSpec.describe Banzai::ReferenceParser::CommitParser do
     end
   end
 
-  context 'when checking commits on another projects' do
+  context 'when checking commits on another projects', :request_store do
     let!(:control_links) do
       [commit_link]
     end
@@ -141,7 +159,7 @@ RSpec.describe Banzai::ReferenceParser::CommitParser do
     def commit_link
       project = create(:project, :repository, :public)
 
-      Nokogiri::HTML.fragment(%Q{<a data-commit="#{project.commit.id}" data-project="#{project.id}"></a>}).children[0]
+      Nokogiri::HTML.fragment(%(<a data-commit="#{project.commit.id}" data-project="#{project.id}"></a>)).children[0]
     end
 
     it_behaves_like 'no project N+1 queries'
diff --git a/spec/lib/banzai/reference_parser/commit_range_parser_spec.rb b/spec/lib/banzai/reference_parser/commit_range_parser_spec.rb
index 2f64aef4fb7..172347fc421 100644
--- a/spec/lib/banzai/reference_parser/commit_range_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/commit_range_parser_spec.rb
@@ -12,12 +12,30 @@ RSpec.describe Banzai::ReferenceParser::CommitRangeParser do
   let(:link) { empty_html_link }
 
   describe '#nodes_visible_to_user' do
-    context 'when the link has a data-issue attribute' do
+    context 'when the link has a data-project attribute' do
       before do
-        link['data-commit-range'] = '123..456'
+        link['data-project'] = project.id.to_s
       end
 
       it_behaves_like "referenced feature visibility", "repository"
+
+      it 'includes the link if can_read_reference? returns true' do
+        expect(subject).to receive(:can_read_reference?).with(user, project, link).and_return(true)
+
+        expect(subject.nodes_visible_to_user(user, [link])).to contain_exactly(link)
+      end
+
+      it 'excludes the link if can_read_reference? returns false' do
+        expect(subject).to receive(:can_read_reference?).with(user, project, link).and_return(false)
+
+        expect(subject.nodes_visible_to_user(user, [link])).to be_empty
+      end
+    end
+
+    context 'when the link does not have a data-project attribute' do
+      it 'returns the nodes' do
+        expect(subject.nodes_visible_to_user(user, [link])).to match_array([link])
+      end
     end
   end
 
@@ -136,4 +154,22 @@ RSpec.describe Banzai::ReferenceParser::CommitRangeParser do
       end
     end
   end
+
+  context 'when checking commits ranges on another projects', :request_store do
+    let!(:control_links) do
+      [commit_range_link]
+    end
+
+    let!(:actual_links) do
+      control_links + [commit_range_link, commit_range_link]
+    end
+
+    def commit_range_link
+      project = create(:project, :repository, :public)
+
+      Nokogiri::HTML.fragment(%(<a data-commit-range="123...456" data-project="#{project.id}"></a>)).children[0]
+    end
+
+    it_behaves_like 'no project N+1 queries'
+  end
 end
diff --git a/spec/lib/banzai/reference_parser/issue_parser_spec.rb b/spec/lib/banzai/reference_parser/issue_parser_spec.rb
index 7de78710d34..c180a42c91e 100644
--- a/spec/lib/banzai/reference_parser/issue_parser_spec.rb
+++ b/spec/lib/banzai/reference_parser/issue_parser_spec.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Banzai::ReferenceParser::IssueParser do
   include ReferenceParserHelpers
 
-  let_it_be(:group)   { create(:group, :public) }
-  let_it_be(:project) { create(:project, :public, group: group) }
-  let_it_be(:user)    { create(:user) }
-  let_it_be(:issue)   { create(:issue, project: project) }
+  let_it_be(:group) { create(:group, :public) }
+  let_it_be_with_reload(:project) { create(:project, :public, group: group) }
+  let_it_be(:user) { create(:user) }
+  let_it_be(:issue) { create(:issue, project: project) }
 
   let(:link)    { empty_html_link }
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-17 14:33:21 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-11-17 14:33:21 +0300
commit	7021455bd1ed7b125c55eb1b33c5a01f2bc55ee0 (patch)
tree	5bdc2229f5198d516781f8d24eace62fc7e589e9 /spec/lib/banzai
parent	185b095e93520f96e9cfc31d9c3e69b498cdab7c (diff)