Disable RedCarpet's escape_html option
This option defaults to true in RedCarpet 3.2.0, but we handle
sanitization later in the process with html-pipeline.

Closes #2211
rspeicher committed Apr 9, 2015
1 parent b142d44 commit 13313d9
Showing 1 changed file with 21 additions and 17 deletions.
38 changes: 21 additions & 17 deletions app/helpers/gitlab_markdown_helper.rb
Expand Up @@ -31,24 +31,28 @@ def link_to_gfm(body, url, html_options = {})
def markdown(text, options={})
unless @markdown && options == @options
@options = options
gitlab_renderer = Redcarpet::Render::GitlabHTML.new(self,
user_color_scheme_class,
{
# see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch-
with_toc_data: true,
safe_links_only: true
}.merge(options))
@markdown = Redcarpet::Markdown.new(gitlab_renderer,
# see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
no_intra_emphasis: true,
tables: true,
fenced_code_blocks: true,
autolink: true,
strikethrough: true,
lax_spacing: true,
space_after_headers: true,
superscript: true)

# see https://github.com/vmg/redcarpet#darling-i-packed-you-a-couple-renderers-for-lunch
rend = Redcarpet::Render::GitlabHTML.new(self, user_color_scheme_class, {
with_toc_data: true,
safe_links_only: true,
# Handled further down the line by HTML::Pipeline::SanitizationFilter
escape_html: false
}.merge(options))

# see https://github.com/vmg/redcarpet#and-its-like-really-simple-to-use
@markdown = Redcarpet::Markdown.new(rend,
no_intra_emphasis: true,
tables: true,
fenced_code_blocks: true,
autolink: true,
strikethrough: true,
lax_spacing: true,
space_after_headers: true,
superscript: true
)
end

@markdown.render(text).html_safe
end
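
Review bot: With `escape_html: false` in the renderer options, the last line of `markdown`, `@markdown.render(text).html_safe`, now marks Redcarpet output that can contain raw user HTML as safe, and nothing in this method sanitizes it. The comment says HTML::Pipeline::SanitizationFilter handles this further down the line, but that step is not visible here. Please point the comment at the exact place where the filter runs, and confirm that every caller of `markdown` reaches it before the string is emitted. A spec that feeds a `<script>` tag through `markdown` and asserts it is absent from the final output would keep this from regressing. Note also that because the option sits inside the hash passed to `.merge(options)`, a caller can still override `escape_html`. If that is intended, it is worth saying so in the comment.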
