Implement multi-line suggestions filtering

Implements the filtering logic for
`suggestion:-x+y` syntax.

3 files changed, 92 insertions, 2 deletions

diff --git a/spec/lib/banzai/filter/output_safety_spec.rb b/spec/lib/banzai/filter/output_safety_spec.rb
new file mode 100644
index 00000000000..5ffe591c9a4
--- /dev/null
+++ b/spec/lib/banzai/filter/output_safety_spec.rb
@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe Banzai::Filter::OutputSafety do
+  subject do
+    Class.new do
+      include Banzai::Filter::OutputSafety
+    end.new
+  end
+
+  let(:content) { '<pre><code>foo</code></pre>' }
+
+  context 'when given HTML is safe' do
+    let(:html) { content.html_safe }
+
+    it 'returns safe HTML' do
+      expect(subject.escape_once(html)).to eq(html)
+    end
+  end
+
+  context 'when given HTML is not safe' do
+    let(:html) { content }
+
+    it 'returns escaped HTML' do
+      expect(subject.escape_once(html)).to eq(ERB::Util.html_escape_once(html))
+    end
+  end
+end
diff --git a/spec/lib/banzai/filter/suggestion_filter_spec.rb b/spec/lib/banzai/filter/suggestion_filter_spec.rb
index b13c90b54bd..af6f002fa30 100644
--- a/spec/lib/banzai/filter/suggestion_filter_spec.rb
+++ b/spec/lib/banzai/filter/suggestion_filter_spec.rb
@@ -5,7 +5,7 @@ require 'spec_helper'
 describe Banzai::Filter::SuggestionFilter do
   include FilterSpecHelper
 
-  let(:input) { "<pre class='code highlight js-syntax-highlight suggestion'><code>foo\n</code></pre>" }
+  let(:input) { %(<pre class="code highlight js-syntax-highlight suggestion"><code>foo\n</code></pre>) }
   let(:default_context) do
     { suggestions_filter_enabled: true }
   end
@@ -23,4 +23,35 @@ describe Banzai::Filter::SuggestionFilter do
 
     expect(result[:class]).to be_nil
   end
+
+  context 'multi-line suggestions' do
+    let(:data_attr) { Banzai::Filter::SyntaxHighlightFilter::LANG_PARAMS_ATTR }
+    let(:input) { %(<pre class="code highlight js-syntax-highlight suggestion" #{data_attr}="-3+2"><code>foo\n</code></pre>) }
+
+    context 'feature disabled' do
+      before do
+        stub_feature_flags(multi_line_suggestions: false)
+      end
+
+      it 'removes data-lang-params if it matches a multi-line suggestion param' do
+        doc = filter(input, default_context)
+        pre = doc.css('pre').first
+
+        expect(pre[data_attr]).to be_nil
+      end
+    end
+
+    context 'feature enabled' do
+      before do
+        stub_feature_flags(multi_line_suggestions: true)
+      end
+
+      it 'keeps data-lang-params' do
+        doc = filter(input, default_context)
+        pre = doc.css('pre').first
+
+        expect(pre[data_attr]).to eq('-3+2')
+      end
+    end
+  end
 end
diff --git a/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb b/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
index ef52c572898..05057789cc1 100644
--- a/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
+++ b/spec/lib/banzai/filter/syntax_highlight_filter_spec.rb
@@ -45,7 +45,10 @@ describe Banzai::Filter::SyntaxHighlightFilter do
   end
 
   context "languages that should be passed through" do
-    %w(math mermaid plantuml).each do |lang|
+    let(:delimiter) { described_class::PARAMS_DELIMITER }
+    let(:data_attr) { described_class::LANG_PARAMS_ATTR }
+
+    %w(math mermaid plantuml suggestion).each do |lang|
       context "when #{lang} is specified" do
         it "highlights as plaintext but with the correct language attribute and class" do
           result = filter(%{<pre><code lang="#{lang}">This is a test</code></pre>})
@@ -55,6 +58,33 @@ describe Banzai::Filter::SyntaxHighlightFilter do
 
         include_examples "XSS prevention", lang
       end
+
+      context "when #{lang} has extra params" do
+        let(:lang_params) { 'foo-bar-kux' }
+
+        it "includes data-lang-params tag with extra information" do
+          result = filter(%{<pre><code lang="#{lang}#{delimiter}#{lang_params}">This is a test</code></pre>})
+
+          expect(result.to_html).to eq(%{<pre class="code highlight js-syntax-highlight #{lang}" lang="#{lang}" #{data_attr}="#{lang_params}" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre>})
+        end
+
+        include_examples "XSS prevention", lang
+        include_examples "XSS prevention",
+          "#{lang}#{described_class::PARAMS_DELIMITER}&lt;script&gt;alert(1)&lt;/script&gt;"
+        include_examples "XSS prevention",
+          "#{lang}#{described_class::PARAMS_DELIMITER}<script>alert(1)</script>"
+      end
+    end
+
+    context 'when multiple param delimiters are used' do
+      let(:lang) { 'suggestion' }
+      let(:lang_params) { '-1+10' }
+
+      it "delimits on the first appearence" do
+        result = filter(%{<pre><code lang="#{lang}#{delimiter}#{lang_params}#{delimiter}more-things">This is a test</code></pre>})
+
+        expect(result.to_html).to eq(%{<pre class="code highlight js-syntax-highlight #{lang}" lang="#{lang}" #{data_attr}="#{lang_params}#{delimiter}more-things" v-pre="true"><code><span id="LC1" class="line" lang="#{lang}">This is a test</span></code></pre>})
+      end
     end
   end