github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 06:49:14 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
9468e0c0f2
discourse/lib/pretty_text.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

791 lines
26 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
require "mini_racer"
Initial release of Discourse
2013-02-06 03:16:51 +08:00
require "nokogiri"
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
require "erb"
Initial release of Discourse
2013-02-06 03:16:51 +08:00
module PrettyText
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
DANGEROUS_BIDI_CHARACTERS = [
"\u202A",
"\u202B",
"\u202C",
"\u202D",
"\u202E",
"\u2066",
"\u2067",
"\u2068",
"\u2069",
].freeze
DANGEROUS_BIDI_REGEXP = Regexp.new(DANGEROUS_BIDI_CHARACTERS.join("|")).freeze
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
BLOCKED_HOTLINKED_SRC_ATTR = "data-blocked-hotlinked-src"
BLOCKED_HOTLINKED_SRCSET_ATTR = "data-blocked-hotlinked-srcset"
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
@mutex = Mutex.new
@ctx_init = Mutex.new
Initial release of Discourse
2013-02-06 03:16:51 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
def self.app_root
Rails.root
end
fix failing server side quote localisation change
2013-07-16 15:48:48 +08:00
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
def self.apply_es6_file(ctx:, path:, module_name:)
source = File.read(path)
transpiler = DiscourseJsProcessor::Transpiler.new
transpiled = transpiler.perform(source, nil, module_name)
ctx.eval(transpiled, filename: module_name)
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
def self.ctx_load_directory(ctx:, base_path:, module_prefix:)
Dir["**/*.js", base: base_path].sort.each do |f|
module_name = "#{module_prefix}#{f.delete_suffix(".js")}"
apply_es6_file(ctx: ctx, path: File.join(base_path, f), module_name: module_name)
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
end
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
end
def self.create_es6_context
PERF: ensure we run full GC on contexts Prior to this change we would never clear memory from contexts and rely on V8 reacting to pressure This could lead to bloating of PrettyText and Transpiler contexts This optimisations ensures that we will clear memory 2 seconds after the last eval on the context
2020-05-15 12:01:54 +08:00
ctx = MiniRacer::Context.new(timeout: 25_000, ensure_gc_after_idle: 2000)
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
ctx.eval("window = globalThis; window.devicePixelRatio = 2;") # hack to make code think stuff is retina
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
DEV: Connect pretty-text console to the Rails logger (#15909) This will allow pretty text deprecations / errors / warnings to appear in the Rails logs, rather than disappearing silently. (implementation adapted from `discourse_js_processor.rb`)
2022-02-12 01:16:27 +08:00
ctx.attach("rails.logger.info", proc { |err| Rails.logger.info(err.to_s) })
ctx.attach("rails.logger.warn", proc { |err| Rails.logger.warn(err.to_s) })
ctx.attach("rails.logger.error", proc { |err| Rails.logger.error(err.to_s) })
ctx.eval <<~JS
console = {
prefix: "[PrettyText] ",
log: function(...args){ rails.logger.info(console.prefix + args.join(" ")); },
warn: function(...args){ rails.logger.warn(console.prefix + args.join(" ")); },
error: function(...args){ rails.logger.error(console.prefix + args.join(" ")); }
}
JS
Revert "Revert Ember.run refactors" This reverts commit fcb1ca52f96bdff1a49d558a4ffb18107d8334de.
2019-10-30 21:48:24 +08:00
ctx.eval("__PRETTY_TEXT = true")
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
DEV: import I18n instead of global usage (#9768) Co-authored-by: Mark VanLandingham <markvanlan@gmail.com> Co-authored-by: Robin Ward <robin.ward@gmail.com> Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2020-05-14 04:23:41 +08:00
PrettyText::Helpers.instance_methods.each do |method|
ctx.attach("__helpers.#{method}", PrettyText::Helpers.method(method))
end
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
root_path = "#{Rails.root}/app/assets/javascripts"
DEV: Merge root JS packages (#25857) Before this commit, we had a yarn package set up in the root directory and also in `app/assets/javascripts`. That meant two `yarn install` calls and two `node_modules` directories. This commit merges them both into the root location, and updates references to node_modules. A previous attempt can be found at https://github.com/discourse/discourse/pull/21172. This commit re-uses that script to merge the `yarn.lock` files. Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-02-26 21:45:58 +08:00
node_modules = "#{Rails.root}/node_modules"
md_node_modules = "#{Rails.root}/app/assets/javascripts/discourse-markdown-it/node_modules"
ctx.load("#{node_modules}/loader.js/dist/loader/loader.js")
ctx.load("#{md_node_modules}/markdown-it/dist/markdown-it.js")
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
ctx.load("#{root_path}/handlebars-shim.js")
DEV: Merge root JS packages (#25857) Before this commit, we had a yarn package set up in the root directory and also in `app/assets/javascripts`. That meant two `yarn install` calls and two `node_modules` directories. This commit merges them both into the root location, and updates references to node_modules. A previous attempt can be found at https://github.com/discourse/discourse/pull/21172. This commit re-uses that script to merge the `yarn.lock` files. Co-authored-by: Jarek Radosz <jradosz@gmail.com>
2024-02-26 21:45:58 +08:00
ctx.load("#{node_modules}/xss/dist/xss.js")
DEV: Compile markdown-it-bundle with ember-cli (#18104) We were already compiling the markdown bundle via ember-cli, but that version was only being used in the test environment. This commit improves the implementation, and updates the filename so it's also used in production. This commit also - Removes the vendored copy of `markdown-it.js` and fetches from node_modules instead - Updates `pretty_text.rb` to remove the custom sprockets-manifest-parsing - Removes `pretty-text-bundle.js`, which was only being used by `pretty_text.rb`
2022-08-30 02:11:59 +08:00
ctx.load("#{Rails.root}/lib/pretty_text/vendor-shims.js")
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
ctx_load_directory(
ctx: ctx,
base_path: "#{root_path}/pretty-text/addon",
module_prefix: "pretty-text/",
)
ctx_load_directory(
ctx: ctx,
base_path: "#{root_path}/discourse-markdown-it/src",
module_prefix: "discourse-markdown-it/",
)
%w[
discourse-common/addon/lib/get-url
discourse-common/addon/lib/object
discourse-common/addon/lib/deprecated
discourse-common/addon/lib/escape
discourse-common/addon/lib/avatar-utils
discourse/app/lib/to-markdown
discourse/app/static/markdown-it/features
].each do |f|
apply_es6_file(
ctx: ctx,
path: "#{root_path}/#{f}.js",
module_name: f.sub("/addon/", "/").sub("/app/", "/"),
)
end
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
ctx.load("#{Rails.root}/lib/pretty_text/shims.js")
ctx.eval("__setUnicode(#{Emoji.unicode_replacements_json})")
Replace Markdown parser.
2013-08-09 06:14:12 +08:00
DEV: Remove sprockets from plugin 'extra js' pipeline (#25502) JS assets added by plugins via `register_asset` will be outside the `assets/javascripts` directory, and are therefore exempt from being transpiled. That means that there isn't really any need to run them through DiscourseJsProcessor. Instead, we can just concatenate them together, and avoid the need for all the sprockets-wrangling. This commit also takes the opportunity to clean up a number of plugin-asset-related codepaths which are no longer required (e.g. globs, handlebars)
2024-02-01 19:48:31 +08:00
Discourse.plugins.each do |plugin|
Dir
FIX: Restore support for `.js.es6` files in PrettyText (#25588) Regressed in 1757a688c4749968db8e27623b975fc57519b97a https://meta.discourse.org/t/294155
2024-02-07 17:34:31 +08:00
.glob("#{plugin.directory}/assets/javascripts/**/discourse-markdown/**/*.{js,js.es6}")
.filter { |a| File.file?(a) }
DEV: Remove sprockets from plugin 'extra js' pipeline (#25502) JS assets added by plugins via `register_asset` will be outside the `assets/javascripts` directory, and are therefore exempt from being transpiled. That means that there isn't really any need to run them through DiscourseJsProcessor. Instead, we can just concatenate them together, and avoid the need for all the sprockets-wrangling. This commit also takes the opportunity to clean up a number of plugin-asset-related codepaths which are no longer required (e.g. globs, handlebars)
2024-02-01 19:48:31 +08:00
.each do |f|
module_name =
f.sub(%r{\A.+assets/javascripts/}, "discourse/plugins/#{plugin.name}/").sub(
/\.js(\.es6)?\z/,
"",
)
apply_es6_file(ctx: ctx, path: f, module_name: module_name)
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
FEATURE: adds support for loading existing core asset in pretty text
2018-04-10 14:37:16 +08:00
DiscoursePluginRegistry.vendored_core_pretty_text.each { |vpt| ctx.eval(File.read(vpt)) }
Allow plugins to add vendored files for the text pipeline
2017-04-19 05:49:56 +08:00
DiscoursePluginRegistry.vendored_pretty_text.each { |vpt| ctx.eval(File.read(vpt)) }
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
ctx
end
def self.v8
return @ctx if @ctx
# ensure we only init one of these
@ctx_init.synchronize do
return @ctx if @ctx
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
@ctx = create_es6_context
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
end
FEATURE: support email attachments
2014-04-15 04:55:57 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
@ctx
end
FIX: allows to have custom emoji translation without static file (#9893)
2020-05-28 02:11:52 +08:00
def self.reset_translations
v8.eval("__resetTranslationTree()")
end
FEATURE: attempt to recover from corrupt markdown engine
2014-11-14 14:51:04 +08:00
def self.reset_context
@ctx_init.synchronize do
Fix broken specs.
2017-07-20 12:17:45 +08:00
@ctx&.dispose
FEATURE: attempt to recover from corrupt markdown engine
2014-11-14 14:51:04 +08:00
@ctx = nil
end
end
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
# Acceptable options:
#
# disable_emojis - Disables the emoji markdown engine.
# features - A hash where the key is the markdown feature name and the value is a boolean to enable/disable the markdown feature.
# The hash is merged into the default features set in pretty-text.js which can be used to add new features or disable existing features.
# features_override - An array of markdown feature names to override the default markdown feature set. Currently used by plugins to customize what features should be enabled
# when rendering markdown.
# markdown_it_rules - An array of markdown rule names which will be applied to the markdown-it engine. Currently used by plugins to customize what markdown-it rules should be
# enabled when rendering markdown.
# topic_id - Topic id for the post being cooked.
# user_id - User id for the post being cooked.
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
# force_quote_link - Always create the link to the quoted topic for [quote] bbcode. Normally this only happens
# if the topic_id provided is different from the [quote topic:X].
FEATURE: Generic hashtag autocomplete lookup and markdown cooking (#18937) This commit fleshes out and adds functionality for the new `#hashtag` search and lookup system, still hidden behind the `enable_experimental_hashtag_autocomplete` feature flag. **Serverside** We have two plugin API registration methods that are used to define data sources (`register_hashtag_data_source`) and hashtag result type priorities depending on the context (`register_hashtag_type_in_context`). Reading the comments in plugin.rb should make it clear what these are doing. Reading the `HashtagAutocompleteService` in full will likely help a lot as well. Each data source is responsible for providing its own **lookup** and **search** method that returns hashtag results based on the arguments provided. For example, the category hashtag data source has to take into account parent categories and how they relate, and each data source has to define their own icon to use for the hashtag, and so on. The `Site` serializer has two new attributes that source data from `HashtagAutocompleteService`. There is `hashtag_icons` that is just a simple array of all the different icons that can be used for allowlisting in our markdown pipeline, and there is `hashtag_context_configurations` that is used to store the type priority orders for each registered context. When sending emails, we cannot render the SVG icons for hashtags, so we need to change the HTML hashtags to the normal `#hashtag` text. **Markdown** The `hashtag-autocomplete.js` file is where I have added the new `hashtag-autocomplete` markdown rule, and like all of our rules this is used to cook the raw text on both the clientside and on the serverside using MiniRacer. Only on the server side do we actually reach out to the database with the `hashtagLookup` function, on the clientside we just render a plainer version of the hashtag HTML. Only in the composer preview do we do further lookups based on this. This rule is the first one (that I can find) that uses the `currentUser` based on a passed in `user_id` for guardian checks in markdown rendering code. This is the `last_editor_id` for both the post and chat message. In some cases we need to cook without a user present, so the `Discourse.system_user` is used in this case. **Chat Channels** This also contains the changes required for chat so that chat channels can be used as a data source for hashtag searches and lookups. This data source will only be used when `enable_experimental_hashtag_autocomplete` is `true`, so we don't have to worry about channel results suddenly turning up. ------ **Known Rough Edges** - Onebox excerpts will not render the icon svg/use tags, I plan to address that in a follow up PR - Selecting a hashtag + pressing the Quote button will result in weird behaviour, I plan to address that in a follow up PR - Mixed hashtag contexts for hashtags without a type suffix will not work correctly, e.g. #ux which is both a category and a channel slug will resolve to a category when used inside a post or within a [chat] transcript in that post. Users can get around this manually by adding the correct suffix, for example ::channel. We may get to this at some point in future - Icons will not show for the hashtags in emails since SVG support is so terrible in email (this is not likely to be resolved, but still noting for posterity) - Additional refinements and review fixes wil
2022-11-21 06:37:06 +08:00
# hashtag_context - Defaults to "topic-composer" if not supplied. Controls the order of #hashtag lookup results
# based on registered hashtag contexts from the `#register_hashtag_search_param` plugin API
# method.
FEATURE: Admins should be able to create polls even when plugin is disabled.
2016-07-07 15:52:56 +08:00
def self.markdown(text, opts = {})
Initial release of Discourse
2013-02-06 03:16:51 +08:00
# we use the exact same markdown converter as the client
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
# TODO: use the same extensions on both client and server (in particular the template for mentions)
Initial release of Discourse
2013-02-06 03:16:51 +08:00
baked = nil
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
text = text || ""
Initial release of Discourse
2013-02-06 03:16:51 +08:00
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
protect do
avoid calling v8 multiple times ( makes certain testing simpler)
2013-08-16 11:03:47 +08:00
context = v8
Upgraded and refactored Sanitizing. Much less crap should get through now! Conflicts: app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-12 04:24:27 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
custom_emoji = {}
FIX: custom emojis leaking over multisites
2016-11-18 02:35:39 +08:00
Emoji.custom.map { |e| custom_emoji[e.name] = e.url }
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
# note, any additional options added to __optInput here must be
# also be added to the buildOptions function in pretty-text.js,
# otherwise they will be discarded
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
buffer = +<<~JS
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput = {};
__optInput.siteSettings = #{SiteSetting.client_settings_json};
DEV: Switch `InlineUploads` to a regexp based implementation.
2019-06-03 15:41:26 +08:00
#{"__optInput.disableEmojis = true" if opts[:disable_emojis]}
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
__paths = #{paths_json};
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getURL = __getURL;
FEATURE: Allow Markdown in post notices. (#7864)
2019-07-09 19:42:02 +08:00
#{"__optInput.features = #{opts[:features].to_json};" if opts[:features]}
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
#{"__optInput.featuresOverride = #{opts[:features_override].to_json};" if opts[:features_override]}
#{"__optInput.markdownItRules = #{opts[:markdown_it_rules].to_json};" if opts[:markdown_it_rules]}
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getCurrentUser = __getCurrentUser;
__optInput.lookupAvatar = __lookupAvatar;
Adds primary user group as a class to quote (#5285) * Adds primary user group as a class to quote This feature addition will add the class `group-PRIMARY_USER_GROUP` to the quote `aside`. `PRIMARY_USER_GROUP` will be the primary user group of the user being quoted. This is similar to the class that is added to a `topic-post`. * Remove trailing whitespace * Fix avatar in test * Address PR comments * Fix trailing whitespace
2017-11-03 21:51:40 +08:00
__optInput.lookupPrimaryUserGroup = __lookupPrimaryUserGroup;
Add quote and mention support for username formatters
2017-11-21 05:28:03 +08:00
__optInput.formatUsername = __formatUsername;
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getTopicInfo = __getTopicInfo;
FEATURE: Generic hashtag autocomplete lookup and markdown cooking (#18937) This commit fleshes out and adds functionality for the new `#hashtag` search and lookup system, still hidden behind the `enable_experimental_hashtag_autocomplete` feature flag. **Serverside** We have two plugin API registration methods that are used to define data sources (`register_hashtag_data_source`) and hashtag result type priorities depending on the context (`register_hashtag_type_in_context`). Reading the comments in plugin.rb should make it clear what these are doing. Reading the `HashtagAutocompleteService` in full will likely help a lot as well. Each data source is responsible for providing its own **lookup** and **search** method that returns hashtag results based on the arguments provided. For example, the category hashtag data source has to take into account parent categories and how they relate, and each data source has to define their own icon to use for the hashtag, and so on. The `Site` serializer has two new attributes that source data from `HashtagAutocompleteService`. There is `hashtag_icons` that is just a simple array of all the different icons that can be used for allowlisting in our markdown pipeline, and there is `hashtag_context_configurations` that is used to store the type priority orders for each registered context. When sending emails, we cannot render the SVG icons for hashtags, so we need to change the HTML hashtags to the normal `#hashtag` text. **Markdown** The `hashtag-autocomplete.js` file is where I have added the new `hashtag-autocomplete` markdown rule, and like all of our rules this is used to cook the raw text on both the clientside and on the serverside using MiniRacer. Only on the server side do we actually reach out to the database with the `hashtagLookup` function, on the clientside we just render a plainer version of the hashtag HTML. Only in the composer preview do we do further lookups based on this. This rule is the first one (that I can find) that uses the `currentUser` based on a passed in `user_id` for guardian checks in markdown rendering code. This is the `last_editor_id` for both the post and chat message. In some cases we need to cook without a user present, so the `Discourse.system_user` is used in this case. **Chat Channels** This also contains the changes required for chat so that chat channels can be used as a data source for hashtag searches and lookups. This data source will only be used when `enable_experimental_hashtag_autocomplete` is `true`, so we don't have to worry about channel results suddenly turning up. ------ **Known Rough Edges** - Onebox excerpts will not render the icon svg/use tags, I plan to address that in a follow up PR - Selecting a hashtag + pressing the Quote button will result in weird behaviour, I plan to address that in a follow up PR - Mixed hashtag contexts for hashtags without a type suffix will not work correctly, e.g. #ux which is both a category and a channel slug will resolve to a category when used inside a post or within a [chat] transcript in that post. Users can get around this manually by adding the correct suffix, for example ::channel. We may get to this at some point in future - Icons will not show for the hashtags in emails since SVG support is so terrible in email (this is not likely to be resolved, but still noting for posterity) - Additional refinements and review fixes wil
2022-11-21 06:37:06 +08:00
__optInput.hashtagLookup = __hashtagLookup;
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.customEmoji = #{custom_emoji.to_json};
FIX: allows to have custom emoji translation without static file (#9893)
2020-05-28 02:11:52 +08:00
__optInput.customEmojiTranslation = #{Plugin::CustomEmoji.translations.to_json};
implement unicode emoji replacements
2017-06-29 01:47:22 +08:00
__optInput.emojiUnicodeReplacer = __emojiUnicodeReplacer;
FEATURE: Add an emoji deny list site setting (#20929) This feature will allow sites to define which emoji are not allowed. Emoji in this list should be excluded from the set we show in the core emoji picker used in the composer for posts when emoji are enabled. And they should not be allowed to be chosen to be added to messages or as reactions in chat. This feature prevents denied emoji from appearing in the following scenarios: - topic title and page title - private messages (topic title and body) - inserting emojis into a chat - reacting to chat messages - using the emoji picker (composer, user status etc) - using search within emoji picker It also takes into account the various ways that emojis can be accessed, such as: - emoji autocomplete suggestions - emoji favourites (auto populates when adding to emoji deny list for example) - emoji inline translations - emoji skintones (ie. for certain hand gestures)
2023-04-13 15:38:54 +08:00
__optInput.emojiDenyList = #{Emoji.denied.to_json};
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
__optInput.lookupUploadUrls = __lookupUploadUrls;
DEV: Refactor watched words (#24163) - Ignore only invalid words, not all words if one of them is invalid - The naming scheme for methods was inconsistent - Optimize regular expressions
2023-11-01 22:41:10 +08:00
__optInput.censoredRegexp = #{WordWatcher.serialized_regexps_for_action(:censor, engine: :js).to_json};
__optInput.watchedWordsReplace = #{WordWatcher.regexps_for_action(:replace, engine: :js).to_json};
__optInput.watchedWordsLink = #{WordWatcher.regexps_for_action(:link, engine: :js).to_json};
DEV: Add markdown_additional_options to Site (#15738) Sometimes plugins need to have additional data or options available when rendering custom markdown features/rules that are not available on the default opts.discourse object. These additional options should be namespaced to the plugin adding them. ``` Site.markdown_additional_options["chat"] = { limited_pretty_text_markdown_rules: [] } ``` These are passed down to markdown rules on opts.discourse.additionalOptions. The main motivation for adding this is the chat plugin, which currently stores chat_pretty_text_features and chat_pretty_text_markdown_rules on the Site object via additions to the serializer, and the Site object is not accessible to import via markdown rules (either through Site.current() or through container.lookup). So, to have this working for both front + backend code, we need to attach these additional options from the Site object onto the markdown options object.
2022-01-28 11:02:02 +08:00
__optInput.additionalOptions = #{Site.markdown_additional_options.to_json};
FEATURE: reduce avatar sizes to 6 from 20 (#21319) * FEATURE: reduce avatar sizes to 6 from 20 This PR introduces 3 changes: 1. SiteSetting.avatar_sizes, now does what is says on the tin. previously it would introduce a large number of extra sizes, to allow for various DPIs. Instead we now trust the admin with the size list. 2. When `avatar_sizes` changes, we ensure consistency and remove resized avatars that are not longer allowed per site setting. This happens on the 12 hourly job and limited out of the box to 20k cleanups per cycle, given this may reach out to AWS 20k times to remove things. 3.Our default avatar sizes are now "24|48|72|96|144|288" these sizes were very specifically picked to limit amount of bluriness introduced by webkit. Our avatars are already blurry due to 1px border, so this corrects old blur. This change heavily reduces storage required by forums which simplifies site moves and more. Co-authored-by: David Taylor <david@taylorhq.com>
2023-06-01 08:00:01 +08:00
__optInput.avatar_sizes = #{SiteSetting.avatar_sizes.to_json};
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
JS
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
buffer << "__optInput.topicId = #{opts[:topic_id].to_i};\n" if opts[:topic_id]
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
if opts[:force_quote_link]
buffer << "__optInput.forceQuoteLink = #{opts[:force_quote_link]};\n"
end
DEV: Remove currentUser lookup in pretty-text (#20894) This was added in d3f02a127065aae65fc5933951acae98a95d014a for hashtags but later removed usage in b2acc416e7cdd502e2f394f1e6014210e6212b50. It was removed because serializing the user does not include things like their secure_categories. It is not used by any other plugins or themes, and can cause issues where it will error when operating on a null user. Better to just pass in the user_id and use it to look up a user directly in a PrettyText::Helper
2023-03-30 12:50:36 +08:00
buffer << "__optInput.userId = #{opts[:user_id].to_i};\n" if opts[:user_id]
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
FEATURE: Generic hashtag autocomplete lookup and markdown cooking (#18937) This commit fleshes out and adds functionality for the new `#hashtag` search and lookup system, still hidden behind the `enable_experimental_hashtag_autocomplete` feature flag. **Serverside** We have two plugin API registration methods that are used to define data sources (`register_hashtag_data_source`) and hashtag result type priorities depending on the context (`register_hashtag_type_in_context`). Reading the comments in plugin.rb should make it clear what these are doing. Reading the `HashtagAutocompleteService` in full will likely help a lot as well. Each data source is responsible for providing its own **lookup** and **search** method that returns hashtag results based on the arguments provided. For example, the category hashtag data source has to take into account parent categories and how they relate, and each data source has to define their own icon to use for the hashtag, and so on. The `Site` serializer has two new attributes that source data from `HashtagAutocompleteService`. There is `hashtag_icons` that is just a simple array of all the different icons that can be used for allowlisting in our markdown pipeline, and there is `hashtag_context_configurations` that is used to store the type priority orders for each registered context. When sending emails, we cannot render the SVG icons for hashtags, so we need to change the HTML hashtags to the normal `#hashtag` text. **Markdown** The `hashtag-autocomplete.js` file is where I have added the new `hashtag-autocomplete` markdown rule, and like all of our rules this is used to cook the raw text on both the clientside and on the serverside using MiniRacer. Only on the server side do we actually reach out to the database with the `hashtagLookup` function, on the clientside we just render a plainer version of the hashtag HTML. Only in the composer preview do we do further lookups based on this. This rule is the first one (that I can find) that uses the `currentUser` based on a passed in `user_id` for guardian checks in markdown rendering code. This is the `last_editor_id` for both the post and chat message. In some cases we need to cook without a user present, so the `Discourse.system_user` is used in this case. **Chat Channels** This also contains the changes required for chat so that chat channels can be used as a data source for hashtag searches and lookups. This data source will only be used when `enable_experimental_hashtag_autocomplete` is `true`, so we don't have to worry about channel results suddenly turning up. ------ **Known Rough Edges** - Onebox excerpts will not render the icon svg/use tags, I plan to address that in a follow up PR - Selecting a hashtag + pressing the Quote button will result in weird behaviour, I plan to address that in a follow up PR - Mixed hashtag contexts for hashtags without a type suffix will not work correctly, e.g. #ux which is both a category and a channel slug will resolve to a category when used inside a post or within a [chat] transcript in that post. Users can get around this manually by adding the correct suffix, for example ::channel. We may get to this at some point in future - Icons will not show for the hashtags in emails since SVG support is so terrible in email (this is not likely to be resolved, but still noting for posterity) - Additional refinements and review fixes wil
2022-11-21 06:37:06 +08:00
opts[:hashtag_context] = opts[:hashtag_context] || "topic-composer"
hashtag_types_as_js =
HashtagAutocompleteService
.ordered_types_for_context(opts[:hashtag_context])
.map { |t| "'#{t}'" }
.join(",")
buffer << "__optInput.hashtagTypesInPriorityOrder = [#{hashtag_types_as_js}];\n"
FIX: Do not cook icon with hashtags (#21676) This commit makes some fundamental changes to how hashtag cooking and icon generation works in the new experimental hashtag autocomplete mode. Previously we cooked the appropriate SVG icon with the cooked hashtag, though this has proved inflexible especially for theming purposes. Instead, we now cook a data-ID attribute with the hashtag and add a new span as an icon placeholder. This is replaced on the client side with an icon (or a square span in the case of categories) on the client side via the decorateCooked API for posts and chat messages. This client side logic uses the generated hashtag, category, and channel CSS classes added in a previous commit. This is missing changes to the sidebar to use the new generated CSS classes and also colors and the split square for categories in the hashtag autocomplete menu -- I will tackle this in a separate PR so it is clearer.
2023-05-23 15:33:55 +08:00
buffer << "__optInput.hashtagIcons = #{HashtagAutocompleteService.data_source_icon_map.to_json};\n"
FEATURE: Generic hashtag autocomplete lookup and markdown cooking (#18937) This commit fleshes out and adds functionality for the new `#hashtag` search and lookup system, still hidden behind the `enable_experimental_hashtag_autocomplete` feature flag. **Serverside** We have two plugin API registration methods that are used to define data sources (`register_hashtag_data_source`) and hashtag result type priorities depending on the context (`register_hashtag_type_in_context`). Reading the comments in plugin.rb should make it clear what these are doing. Reading the `HashtagAutocompleteService` in full will likely help a lot as well. Each data source is responsible for providing its own **lookup** and **search** method that returns hashtag results based on the arguments provided. For example, the category hashtag data source has to take into account parent categories and how they relate, and each data source has to define their own icon to use for the hashtag, and so on. The `Site` serializer has two new attributes that source data from `HashtagAutocompleteService`. There is `hashtag_icons` that is just a simple array of all the different icons that can be used for allowlisting in our markdown pipeline, and there is `hashtag_context_configurations` that is used to store the type priority orders for each registered context. When sending emails, we cannot render the SVG icons for hashtags, so we need to change the HTML hashtags to the normal `#hashtag` text. **Markdown** The `hashtag-autocomplete.js` file is where I have added the new `hashtag-autocomplete` markdown rule, and like all of our rules this is used to cook the raw text on both the clientside and on the serverside using MiniRacer. Only on the server side do we actually reach out to the database with the `hashtagLookup` function, on the clientside we just render a plainer version of the hashtag HTML. Only in the composer preview do we do further lookups based on this. This rule is the first one (that I can find) that uses the `currentUser` based on a passed in `user_id` for guardian checks in markdown rendering code. This is the `last_editor_id` for both the post and chat message. In some cases we need to cook without a user present, so the `Discourse.system_user` is used in this case. **Chat Channels** This also contains the changes required for chat so that chat channels can be used as a data source for hashtag searches and lookups. This data source will only be used when `enable_experimental_hashtag_autocomplete` is `true`, so we don't have to worry about channel results suddenly turning up. ------ **Known Rough Edges** - Onebox excerpts will not render the icon svg/use tags, I plan to address that in a follow up PR - Selecting a hashtag + pressing the Quote button will result in weird behaviour, I plan to address that in a follow up PR - Mixed hashtag contexts for hashtags without a type suffix will not work correctly, e.g. #ux which is both a category and a channel slug will resolve to a category when used inside a post or within a [chat] transcript in that post. Users can get around this manually by adding the correct suffix, for example ::channel. We may get to this at some point in future - Icons will not show for the hashtags in emails since SVG support is so terrible in email (this is not likely to be resolved, but still noting for posterity) - Additional refinements and review fixes wil
2022-11-21 06:37:06 +08:00
DEV: remove markdown-it-bundle and custom build code (#23859) With Embroider, we can rely on async `import()` to do the splitting for us. This commit extracts from `pretty-text` all the parts that are meant to be loaded async into a new `discourse-markdown-it` package that is also a V2 addon (meaning that all files are presumed unused until they are imported, aka "static"). Mostly I tried to keep the very discourse specific stuff (accessing site settings and loading plugin features) inside discourse proper, while the new package aims to have some resembalance of a general purpose library, a MarkdownIt++ if you will. It is far from perfect because of how all the "options" stuff work but I think it's a good start for more refactorings (clearing up the interfaces) to happen later. With this, pretty-text and app/lib/text are mostly a kitchen sink of loosely related text processing utilities. After the refactor, a lot more code related to setting up the engine are now loaded lazily, which should be a pretty nice win. I also noticed that we are currently pulling in the `xss` library at initial load to power the "sanitize" stuff, but I suspect with a similar refactoring effort those usages can be removed too. (See also #23790). This PR does not attempt to fix the sanitize issue, but I think it sets things up on the right trajectory for that to happen later. Co-authored-by: David Taylor <david@taylorhq.com>
2023-11-07 00:59:49 +08:00
buffer << "__pluginFeatures = __loadPluginFeatures();"
buffer << "__pt = __DiscourseMarkdownIt.withCustomFeatures(__pluginFeatures).withOptions(__optInput);"
Feature: Change markdown engine to markdown it This commit removes the old evilstreak markdownjs engine. - Adds specs to WhiteLister and changes it to stop using globals (Fixes large memory leak) - Fixes edge cases around bbcode handling - Removes mdtest which is no longer valid (to be replaced with CommonMark) - Updates MiniRacer to correct minor unmanaged memory leak - Fixes plugin specs
2017-07-14 20:27:28 +08:00
FIX: Allow disabling of sanitization (for email customiaztions)
2016-08-12 02:59:20 +08:00
# Be careful disabling sanitization. We allow for custom emails
Feature: Change markdown engine to markdown it This commit removes the old evilstreak markdownjs engine. - Adds specs to WhiteLister and changes it to stop using globals (Fixes large memory leak) - Fixes edge cases around bbcode handling - Removes mdtest which is no longer valid (to be replaced with CommonMark) - Updates MiniRacer to correct minor unmanaged memory leak - Fixes plugin specs
2017-07-14 20:27:28 +08:00
buffer << ("__pt.disableSanitizer();") if opts[:sanitize] == false
FIX: Allow disabling of sanitization (for email customiaztions)
2016-08-12 02:59:20 +08:00
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
opts = context.eval(buffer)
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
FEATURE: DiscourseEvent hook for server side markdown context.
2016-01-29 22:59:15 +08:00
DiscourseEvent.trigger(:markdown_context, context)
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
baked = context.eval("__pt.cook(#{text.inspect})")
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
baked
end
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
def self.paths_json
paths = { baseUri: Discourse.base_path, CDN: Rails.configuration.action_controller.asset_host }
if SiteSetting.Upload.enable_s3_uploads
paths[:S3CDN] = SiteSetting.Upload.s3_cdn_url if SiteSetting.Upload.s3_cdn_url.present?
paths[:S3BaseUrl] = Discourse.store.absolute_base_url
end
paths.to_json
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
# leaving this here, cause it invokes v8, don't want to implement twice
custom avatar support
2013-08-14 04:08:29 +08:00
def self.avatar_img(avatar_template, size)
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
protect { v8.eval(<<~JS) }
DEV: ensures __optInput is initialized (#21886) Test were sometimes failing with similar error to the following: ``` 1) UsernameChanger#override when unicode_usernames is off overrides the username if a new name has different case Failure/Error: protect { v8.eval(<<~JS) } __paths = #{paths_json}; __utils.avatarImg({size: #{size.inspect}, avatarTemplate: #{avatar_template.inspect}}, __getURL); JS MiniRacer::RuntimeError: ReferenceError: __optInput is not defined # JavaScript at exports.helperContext (<anonymous>:21:17) # JavaScript at getRawAvatarSize (<anonymous>:108:49) # JavaScript at avatarUrl (<anonymous>:102:21) # JavaScript at Object.avatarImg (<anonymous>:129:15) # JavaScript at <anonymous>:2:9 # ./lib/pretty_text.rb:259:in `block in avatar_img' # ./lib/pretty_text.rb:661:in `block in protect' # ./lib/pretty_text.rb:661:in `synchronize' # ./lib/pretty_text.rb:661:in `protect' # ./lib/pretty_text.rb:259:in `avatar_img' # ./app/jobs/regular/update_username.rb:14:in `execute' ``` This should not be needed as it should already have been initialised but that should stop the flakey-ness for now while being a safe change.
2023-06-01 18:58:15 +08:00
__optInput = {};
__optInput.avatar_sizes = #{SiteSetting.avatar_sizes.to_json};
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
__paths = #{paths_json};
DEV: Move avatar-utils into dedicated discourse-common module (#22517) These avatar-related helper functions are used in pretty-text, which currently means we load the entire `discourse/lib/utilities` module into the mini-racer when running pretty-text on the server side. This stops us adding any logic or imports to discourse/lib/utilities which may depend on other `discourse/` namespace features. This commit moves the avatar-related utils into a dedicated module in the `discourse-common` namespace, adds backwards-compatibility shims, and updates the pretty-text config accordingly.
2023-07-12 16:06:16 +08:00
require("discourse-common/lib/avatar-utils").avatarImg({size: #{size.inspect}, avatarTemplate: #{avatar_template.inspect}}, __getURL);
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
JS
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
FIX: unescape emojis in digests
2015-10-15 15:59:29 +08:00
def self.unescape_emoji(title)
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
return title unless SiteSetting.enable_emoji? && title
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
set = SiteSetting.emoji_set.inspect
FIX: Fixed custom emoji circumventing "max emojis in topic title" set… (#7116)
2019-03-06 19:49:17 +08:00
custom = Emoji.custom.map { |e| [e.name, e.url] }.to_h.to_json
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
protect { v8.eval(<<~JS) }
__paths = #{paths_json};
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
__performEmojiUnescape(#{title.inspect}, {
getURL: __getURL,
emojiSet: #{set},
FIX: Missing quote in emoji cdn setting caused by 83f332b (#12280)
2021-03-04 04:39:00 +08:00
emojiCDNUrl: "#{SiteSetting.external_emoji_url.blank? ? "" : SiteSetting.external_emoji_url}",
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
customEmoji: #{custom},
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
enableEmojiShortcuts: #{SiteSetting.enable_emoji_shortcuts},
inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
});
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
JS
FIX: unescape emojis in digests
2015-10-15 15:59:29 +08:00
end
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
def self.escape_emoji(title)
return unless title
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
replace_emoji_shortcuts = SiteSetting.enable_emoji && SiteSetting.enable_emoji_shortcuts
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
protect { v8.eval(<<~JS) }
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
__performEmojiEscape(#{title.inspect}, {
emojiShortcuts: #{replace_emoji_shortcuts},
inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
});
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
JS
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
def self.cook(text, opts = {})
- FEATURE: revamped poll plugin - add User.staff scope - inject MessageBus into Ember views (so it can be used by the poll plugin) - REFACTOR: use more accurate is_first_post? method instead of post_number == 1 - FEATURE: add support for JSON-typed custom fields - FEATURE: allow plugins to add validation - FEATURE: add post_custom_fields to PostSerializer - FEATURE: allow plugins to whitelist post_custom_fields - FIX: don't bump when post did not save successfully - FEATURE: polls are supported in any post - FEATURE: allow for multiple polls in the same post - FEATURE: multiple choice polls - FEATURE: rating polls - FEATURE: new dialect allowing users to preview polls in the composer
2015-04-24 01:33:29 +08:00
options = opts.dup
PERF: Use a regexp for unicode replacements
2015-12-31 03:35:25 +08:00
working_text = text.dup
FEATURE: add censored_pattern setting to censor posts using regex
2016-11-09 05:36:34 +08:00
Remove censored_pattern site setting, which is replaced by watched words
2018-02-27 04:48:59 +08:00
sanitized = markdown(working_text, options)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(sanitized)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
add_nofollow = !options[:omit_nofollow] && SiteSetting.add_rel_nofollow_to_user_content
add_rel_attributes_to_user_content(doc, add_nofollow)
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
strip_hidden_unicode_bidirectional_characters(doc)
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
sanitize_hotlinked_media(doc)
FEATURE: Auto generate and display video preview image (#25633) This change will allow auto generated video thumbnails to be used instead of the black video thumbnail that overlays videos. Follow up to: 2443446e62bff9dd8a0493d10e5359a5e946a84e
2024-02-15 04:43:53 +08:00
add_video_placeholder_image(doc)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
add_mentions(doc, user_id: opts[:user_id]) if SiteSetting.enable_mentions
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
scrubber = Loofah::Scrubber.new { |node| node.remove if node.name == "script" }
DEV: use HTML5 version of loofah (#21522) https://meta.discourse.org/t/markdown-preview-and-result-differ/263878 The result of this markdown had different results in the composer preview and the post. This is solved by updating Loofah to the latest version and using html5 fragments like our user had reported. While the change was only needed in cooked_post_processor.rb for this fix, other areas also had to be updated due to various side effects.
2023-06-20 09:49:22 +08:00
loofah_fragment = Loofah.html5_fragment(doc.to_html)
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
loofah_fragment.scrub!(scrubber).to_html
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
end
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
def self.strip_hidden_unicode_bidirectional_characters(doc)
return if !DANGEROUS_BIDI_REGEXP.match?(doc.content)
doc
.css("code,pre")
.each do |code_tag|
next if !DANGEROUS_BIDI_REGEXP.match?(code_tag.content)
DANGEROUS_BIDI_CHARACTERS.each do |bidi|
next if !code_tag.content.include?(bidi)
formatted = "&lt;U+#{bidi.ord.to_s(16).upcase}&gt;"
code_tag.inner_html =
code_tag.inner_html.gsub(
bidi,
"<span class=\"bidi-warning\" title=\"#{I18n.t("post.hidden_bidi_character")}\">#{formatted}</span>",
)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
end
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
def self.sanitize_hotlinked_media(doc)
return if !SiteSetting.block_hotlinked_media
allowed_pattern = allowed_src_pattern
doc
DEV: Prevent videos from preloading metadata (#23807) Preloading just metadata is not always respected by browsers, and sometimes the whole video will be downloaded. This switches to using a placeholder image for the video and only loads the video when the play button is clicked.
2023-10-13 03:47:48 +08:00
.css("img[src], source[src], source[srcset], track[src], div[data-video-src]")
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
.each do |el|
if el["src"] && !el["src"].match?(allowed_pattern)
el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] = el.delete("src")
end
DEV: Prevent videos from preloading metadata (#23807) Preloading just metadata is not always respected by browsers, and sometimes the whole video will be downloaded. This switches to using a placeholder image for the video and only loads the video when the play button is clicked.
2023-10-13 03:47:48 +08:00
if el["data-video-src"] && !el["data-video-src"].match?(allowed_pattern)
el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] = el["data-video-src"]
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
if el["srcset"]
srcs = el["srcset"].split(",").map { |e| e.split(" ", 2)[0].presence }
if srcs.any? { |src| !src.match?(allowed_pattern) }
el[PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR] = el.delete("srcset")
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
end
end
end
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
def self.add_rel_attributes_to_user_content(doc, add_nofollow)
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
allowlist = []
formatting
2013-02-11 16:01:33 +08:00
relocate emoji plugin, stop pre-compiling assets
2013-11-20 11:38:21 +08:00
domains = SiteSetting.exclude_rel_nofollow_domains
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
allowlist = domains.split("|") if domains.present?
formatting
2013-02-11 16:01:33 +08:00
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
site_uri = nil
doc
.css("a")
.each do |l|
href = l["href"].to_s
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
l["rel"] = "noopener" if l["target"] == "_blank"
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
begin
FIX: remove deprecated URI.escape (#9697) During Nokogumbo changes I introduced back URI.escape which is deprecated.
2020-05-08 09:14:59 +08:00
uri = URI(UrlHelper.encode_component(href))
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
site_uri ||= URI(Discourse.base_url)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
same_domain =
!uri.host.present? || uri.host == site_uri.host ||
uri.host.ends_with?(".#{site_uri.host}") ||
allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
l["rel"] = "noopener nofollow ugc" if add_nofollow && !same_domain
FIX: store the topic links using the cooked upload url
2018-08-14 18:23:32 +08:00
rescue URI::Error
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
# add a nofollow anyway
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
l["rel"] = "noopener nofollow ugc"
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
class DetectedLink < Struct.new(:url, :is_quote)
end
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
def self.extract_links(html)
links = []
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
FIX: Do not check for duplicate links in Onebox (#13345) If a user posted a URL that appeared inside a Onebox, then the user got a duplicate link notice. This was fixed by skipping those links in Ruby. If a user posted a URL that was Oneboxes and contained other links that appeared in previous posts, then the user got a duplicate link notice. This was fixed by skipping those links in JavaScript.
2021-06-18 23:55:24 +08:00
# extract onebox links
doc
.css("aside.onebox[data-onebox-src]")
.each { |onebox| links << DetectedLink.new(onebox["data-onebox-src"], false) }
# remove href inside quotes & oneboxes & elided part
doc.css("aside.quote a, aside.onebox a, .elided a").remove
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
FIX: Improve top links section from user summary (#15675) * Do not extract links for hotlinked images * Include only links that have been clicked at least once in user summary
2022-01-24 08:33:23 +08:00
# remove hotlinked images
doc.css("a.onebox > img").each { |img| img.parent.remove }
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract all links
doc
.css("a")
.each do |a|
DEV: stop freezing frozen strings We have the `# frozen_string_literal: true` comment on all our files. This means all string literals are frozen. There is no need to call #freeze on any literals. For files with `# frozen_string_literal: true` ``` puts %w{a b}[0].frozen? => true puts "hi".frozen? => true puts "a #{1} b".frozen? => true puts ("a " + "b").frozen? => false puts (-("a " + "b")).frozen? => true ``` For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby
2020-04-30 14:48:34 +08:00
links << DetectedLink.new(a["href"], false) if a["href"].present? && a["href"][0] != "#"
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
end
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract quotes
doc
.css("aside.quote[data-topic]")
.each do |aside|
if aside["data-topic"].present?
FIX: Don't add a slug to constructed quote urls (#12052) A topic with the slug 'topic' might exist and may end up being linked to by mistake when malformed (i.e. cross-site) quotes are posted.
2021-02-12 02:21:13 +08:00
url = +"/t/#{aside["data-topic"]}"
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
url << "/#{aside["data-post"]}" if aside["data-post"].present?
links << DetectedLink.new(url, true)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
Fix bug where links to posts weren't being tracked
2013-02-14 04:22:04 +08:00
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract Youtube links
doc
DEV: Remove lazy-yt and replace with lazy-videos (#20722) - Refactors the old plugin to remove jquery usage - Adds support for Vimeo videos (default on) and Tiktok (experimental and default off)
2023-03-29 23:54:25 +08:00
.css("div[data-video-id]")
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
.each do |div|
DEV: Remove lazy-yt and replace with lazy-videos (#20722) - Refactors the old plugin to remove jquery usage - Adds support for Vimeo videos (default on) and Tiktok (experimental and default off)
2023-03-29 23:54:25 +08:00
if div["data-video-id"].present? && div["data-provider-name"].present?
base_url =
case div["data-provider-name"]
when "youtube"
"https://www.youtube.com/watch?v="
when "vimeo"
"https://vimeo.com/"
when "tiktok"
"https://m.tiktok.com/v/"
end
links << DetectedLink.new(base_url + div["data-video-id"], false)
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
end
FIX: Consider lazyYT divs as links when extracting
2016-09-23 04:50:05 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
links
end
FEATURE: Auto generate and display video preview image (#25633) This change will allow auto generated video thumbnails to be used instead of the black video thumbnail that overlays videos. Follow up to: 2443446e62bff9dd8a0493d10e5359a5e946a84e
2024-02-15 04:43:53 +08:00
def self.add_video_placeholder_image(doc)
doc
.css(".video-placeholder-container")
.each do |video|
video_src = video["data-video-src"]
video_sha1 = File.basename(video_src, File.extname(video_src))
thumbnail = Upload.where("original_filename LIKE ?", "#{video_sha1}.%").last
if thumbnail
video["data-thumbnail-src"] = UrlHelper.absolute(
GlobalPath.upload_cdn_path(thumbnail.url),
)
end
end
end
FEATURE: Show live user status on inline mentions on posts (#18683) Note that we don't have a database table and a model for post mentions yet, and I decided to implement it without adding one to avoid heavy data migrations. Still, we may want to add such a model later, that would be convenient, we have such a model for mentions in chat. Note that status appears on all mentions on all posts in a topic except of the case when you just posted a new post, and it appeared on the bottom of the topic. On such posts, status won't be shown immediately for now (you'll need to reload the page to see the status). I'll take care of it in one of the following PRs.
2022-12-06 23:10:36 +08:00
def self.extract_mentions(cooked)
mentions =
cooked
.css(".mention, .mention-group")
FIX: remove "fake" mentions from extract_mentions (#26253) ``` <a class="mention" href="/u/test1">bsam</a> ``` Is not a mention of the user sam. We expect an @ in front always.
2024-03-20 09:20:15 +08:00
.filter_map do |e|
FEATURE: Show live user status on inline mentions on posts (#18683) Note that we don't have a database table and a model for post mentions yet, and I decided to implement it without adding one to avoid heavy data migrations. Still, we may want to add such a model later, that would be convenient, we have such a model for mentions in chat. Note that status appears on all mentions on all posts in a topic except of the case when you just posted a new post, and it appeared on the bottom of the topic. On such posts, status won't be shown immediately for now (you'll need to reload the page to see the status). I'll take care of it in one of the following PRs.
2022-12-06 23:10:36 +08:00
if (name = e.inner_text)
FIX: remove "fake" mentions from extract_mentions (#26253) ``` <a class="mention" href="/u/test1">bsam</a> ``` Is not a mention of the user sam. We expect an @ in front always.
2024-03-20 09:20:15 +08:00
User.normalize_username(name[1..-1]) if name[0] == "@"
FEATURE: Show live user status on inline mentions on posts (#18683) Note that we don't have a database table and a model for post mentions yet, and I decided to implement it without adding one to avoid heavy data migrations. Still, we may want to add such a model later, that would be convenient, we have such a model for mentions in chat. Note that status appears on all mentions on all posts in a topic except of the case when you just posted a new post, and it appeared on the bottom of the topic. On such posts, status won't be shown immediately for now (you'll need to reload the page to see the status). I'll take care of it in one of the following PRs.
2022-12-06 23:10:36 +08:00
end
end
DEV: Added modifier to change mentions extracted from cooked text (#21654) Added a new modifier hook to allow plugins to modify the @mentions extracted from a cooked text. Use case: Some plugins may change how the mentions are cooked to prevent them from being confused with user or group mentions and display the user card. This modifier hook allows the plugin to filter the mentions detected or add new ways to add mentions into cooked text.
2023-06-15 21:52:52 +08:00
mentions =
DiscoursePluginRegistry.apply_modifier(:pretty_text_extract_mentions, mentions, cooked)
FEATURE: Show live user status on inline mentions on posts (#18683) Note that we don't have a database table and a model for post mentions yet, and I decided to implement it without adding one to avoid heavy data migrations. Still, we may want to add such a model later, that would be convenient, we have such a model for mentions in chat. Note that status appears on all mentions on all posts in a topic except of the case when you just posted a new post, and it appeared on the bottom of the topic. On such posts, status won't be shown immediately for now (you'll need to reload the page to see the status). I'll take care of it in one of the following PRs.
2022-12-06 23:10:36 +08:00
mentions.compact!
mentions.uniq!
mentions
end
refactor
2013-05-28 07:48:47 +08:00
def self.excerpt(html, max_length, options = {})
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
# TODO: properly fix this HACK in ExcerptParser without introducing XSS
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
FEATURE: Implement Onebox for posts including polls. (#7539)
2019-05-29 23:05:52 +08:00
DiscourseEvent.trigger(:reduce_excerpt, doc, options)
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
strip_image_wrapping(doc)
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
strip_oneboxed_media(doc)
DEV: Remove enable_experimental_hashtag_autocomplete logic (#22820) This commit removes any logic in the app and in specs around enable_experimental_hashtag_autocomplete and deletes some old category hashtag code that is no longer necessary. It also adds a `slug_ref` category instance method, which will generate a reference like `parent:child` for a category, with an optional depth, which hashtags use. Also refactors PostRevisor which was using CategoryHashtagDataSource directly which is a no-no. Deletes the old hashtag markdown rule as well.
2023-08-08 09:18:55 +08:00
convert_hashtag_links_to_plaintext(doc) if options[:plain_hashtags]
FIX: Do not add empty use/svg tags in ExcerptParser (#19969) There was an issue where if hashtag-cooked HTML was sent to the ExcerptParser without the keep_svg option, we would end up with empty </use> and </svg> tags on the parts of the excerpt where the hashtag was, in this case when a post push notification was sent. Fixed this, and also added a way to only display a plaintext version of the hashtag for cases like this via PrettyText#excerpt.
2023-01-24 12:40:24 +08:00
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
html = doc.to_html
refactor
2013-05-28 07:48:47 +08:00
ExcerptParser.get_excerpt(html, max_length, options)
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
FIX: Do not add empty use/svg tags in ExcerptParser (#19969) There was an issue where if hashtag-cooked HTML was sent to the ExcerptParser without the keep_svg option, we would end up with empty </use> and </svg> tags on the parts of the excerpt where the hashtag was, in this case when a post push notification was sent. Fixed this, and also added a way to only display a plaintext version of the hashtag for cases like this via PrettyText#excerpt.
2023-01-24 12:40:24 +08:00
def self.convert_hashtag_links_to_plaintext(doc)
doc
.css("a.hashtag-cooked")
.each { |hashtag| hashtag.replace("##{hashtag.attributes["data-slug"]}") }
end
FIX: Strip links from google indexed bios when the users are new.
2013-06-06 03:28:10 +08:00
def self.strip_links(string)
return string if string.blank?
# If the user is not basic, strip links from their bio
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
fragment = Nokogiri::HTML5.fragment(string)
SECURITY: Stripping links could unescape html fragments
2014-09-18 00:08:00 +08:00
fragment.css("a").each { |a| a.replace(a.inner_html) }
FIX: Strip links from google indexed bios when the users are new.
2013-06-06 03:28:10 +08:00
fragment.to_html
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
def self.make_all_links_absolute(doc)
doc
FIX: subfolder absolute links in summaries This fixes the `PrettyText.make_all_links_absolute` to better handle subfolder. In subfolder, when given the cooked version of a post, links to mentions includes the `Discourse.base_path` prefix. Adding the `Discourse.base_url` was doubling the `Discourse.base_path`. The issue was hidden behind the specs which was stubbing `Discourse.base_url` instead of relying on `Discourse.base_path`. This fixes both the "algorithm" used in `PrettyText.make_all_links_absolute` to better handle this case and correct the specs to properly handle subfolder cases. There are lots of changes in the specs due to a refactoring to use squiggly heredoc strings for easier reading and less escaping.
2024-05-22 03:53:03 +08:00
.css("a[href]")
.each do |a|
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
begin
FIX: subfolder absolute links in summaries This fixes the `PrettyText.make_all_links_absolute` to better handle subfolder. In subfolder, when given the cooked version of a post, links to mentions includes the `Discourse.base_path` prefix. Adding the `Discourse.base_url` was doubling the `Discourse.base_path`. The issue was hidden behind the specs which was stubbing `Discourse.base_url` instead of relying on `Discourse.base_path`. This fixes both the "algorithm" used in `PrettyText.make_all_links_absolute` to better handle this case and correct the specs to properly handle subfolder cases. There are lots of changes in the specs due to a refactoring to use squiggly heredoc strings for easier reading and less escaping.
2024-05-22 03:53:03 +08:00
href = a["href"].to_s
next if href.blank?
next if href.start_with?("mailto:")
next if href.start_with?(Discourse.base_url)
next if URI(href).host.present?
a["href"] = (
if href.start_with?(Discourse.base_path)
"#{Discourse.base_url_no_prefix}#{href}"
else
"#{Discourse.base_url}#{href}"
end
)
FIX: store the topic links using the cooked upload url
2018-08-14 18:23:32 +08:00
rescue URI::Error
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
# leave it
fix indent
2018-06-09 01:56:20 +08:00
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
end
end
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
FIX: Don't include image meta data when embedded in an email
2014-04-18 00:32:51 +08:00
def self.strip_image_wrapping(doc)
doc.css(".lightbox-wrapper .meta").remove
end
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
def self.strip_oneboxed_media(doc)
doc.css("audio").remove
FIX: Strip video oneboxes from excerpts Follows up on 49843f327e88538a487d37b5d3c288da15b99908 and removes onebox markup for videos too in the excerpt, this was previously being counted as part of the excerpt length.
2020-02-18 02:52:23 +08:00
doc.css(".video-onebox,video").remove
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
def self.convert_vimeo_iframes(doc)
doc
.css("iframe[src*='player.vimeo.com']")
.each do |iframe|
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
if iframe["data-original-href"].present?
DEV: Rename `UriHelper.escape_uri` to `.normalized_encode` This is a much better description of its function. It performs idempotent normalization of a URL. If consumers truly need to `encode` a URL (including double-encoding of existing encoded entities), they can use the existing `.encode` method.
2022-08-09 18:28:29 +08:00
vimeo_url = UrlHelper.normalized_encode(iframe["data-original-href"])
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
else
FIX: vimeo iframe url when data-original-href is missing (#18894)
2023-01-31 19:00:27 +08:00
vimeo_id = iframe["src"].split("/").last.sub("?h=", "/")
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
vimeo_url = "https://vimeo.com/#{vimeo_id}"
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FIX: Replace Vimeo iframes with a link in emails (#11443) This was implemented before, but it was not tested and broke at some point (probably Nokogiri update).
2020-12-09 20:58:36 +08:00
iframe.replace Nokogiri::HTML5.fragment("<p><a href='#{vimeo_url}'>#{vimeo_url}</a></p>")
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
end
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
def self.strip_secure_uploads(doc)
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# images inside a lightbox or other link
doc
.css("a[href]")
.each do |a|
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
next if !Upload.secure_uploads_url?(a["href"])
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
non_image_media = %w[video audio].include?(a&.parent&.name)
target = non_image_media ? a.parent : a
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
if target.to_s.include?("stripped-secure-view-media") ||
target.to_s.include?("stripped-secure-view-upload")
next
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
next if a.css("img[src]").empty? && !non_image_media
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
if a.classes.include?("lightbox")
img = a.css("img[src]").first
DEV: Fix various rubocop lints (#24749) These (21 + 3 from previous PRs) are soon to be enabled in rubocop-discourse: Capybara/VisibilityMatcher Lint/DeprecatedOpenSSLConstant Lint/DisjunctiveAssignmentInConstructor Lint/EmptyConditionalBody Lint/EmptyEnsure Lint/LiteralInInterpolation Lint/NonLocalExitFromIterator Lint/ParenthesesAsGroupedExpression Lint/RedundantCopDisableDirective Lint/RedundantRequireStatement Lint/RedundantSafeNavigation Lint/RedundantStringCoercion Lint/RedundantWithIndex Lint/RedundantWithObject Lint/SafeNavigationChain Lint/SafeNavigationConsistency Lint/SelfAssignment Lint/UnreachableCode Lint/UselessMethodDefinition Lint/Void Previous PRs: Lint/ShadowedArgument Lint/DuplicateMethods Lint/BooleanSymbol RSpec/SpecFilePathSuffix
2023-12-07 06:25:00 +08:00
srcset = img&.attributes&.[]("srcset")&.value
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
if srcset
# if available, use the first image from the srcset here
# so we get the optimized image instead of the possibly huge original
url = srcset.split(",").first
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
else
FIX: Safely skip secure_media steps when it's not enabled (#11110) * FIX: Safely skip secure_media steps when it's not enabled * DEV: Secure media tests should enable secure media
2020-11-04 00:53:15 +08:00
url = img["src"]
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
a.add_next_sibling secure_uploads_placeholder(
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
doc,
url,
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
width: img["width"],
height: img["height"],
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
)
a.remove
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
else
width = non_image_media ? nil : a.at_css("img").attr("width")
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
height = non_image_media ? nil : a.at_css("img").attr("height")
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
target.add_next_sibling secure_uploads_placeholder(
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
doc,
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
a["href"],
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
width: width,
height: height,
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
)
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
target.remove
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
end
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# images by themselves or inside a onebox
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
doc
.css("img[src]")
.each do |img|
FIX: Safely skip secure_media steps when it's not enabled (#11110) * FIX: Safely skip secure_media steps when it's not enabled * DEV: Secure media tests should enable secure media
2020-11-04 00:53:15 +08:00
url =
if img.parent.classes.include?("aspect-image") && img.attributes["srcset"].present?
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# we are using the first image from the srcset here so we get the
# optimized image instead of the original, because an optimized
# image may be used for the onebox thumbnail
srcset = img.attributes["srcset"].value
srcset.split(",").first
else
img["src"]
end
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
width = img["width"]
height = img["height"]
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
onebox_type = nil
if img.ancestors.css(".onebox-body").any?
if img.classes.include?("onebox-avatar-inline")
onebox_type = "avatar-inline"
else
onebox_type = "thumbnail"
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
end
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
# we always want this to be tiny and without any special styles
if img.classes.include?("site-icon")
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
onebox_type = nil
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
width = 16
height = 16
end
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
if Upload.secure_uploads_url?(url)
img.add_next_sibling secure_uploads_placeholder(
doc,
url,
onebox_type: onebox_type,
width: width,
height: height,
)
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
img.remove
DEV: Apply syntax_tree formatting to `lib/*`
2023-01-09 20:10:19 +08:00
end
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
end
end
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
def self.secure_uploads_placeholder(doc, url, onebox_type: false, width: nil, height: nil)
FIX: persist secure image width and height if is given (#10994) `max-width: 50%; max-height: 400px;` is a good fallback, however, if width and height are given and are smaller than fallback - we should persist that smaller size.
2020-10-22 10:25:09 +08:00
data_width = width ? "data-width=#{width}" : ""
data_height = height ? "data-height=#{height}" : ""
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
data_onebox_type = onebox_type ? "data-onebox-type='#{onebox_type}'" : ""
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
<<~HTML
DEV: Rename secure_media to secure_uploads (#18376) This commit renames all secure_media related settings to secure_uploads_* along with the associated functionality. This is being done because "media" does not really cover it, we aren't just doing this for images and videos etc. but for all uploads in the site. Additionally, in future we want to secure more types of uploads, and enable a kind of "mixed mode" where some uploads are secure and some are not, so keeping media in the name is just confusing. This also keeps compatibility with the `secure-media-uploads` path, and changes new secure URLs to be `secure-uploads`. Deprecated settings: * secure_media -> secure_uploads * secure_media_allow_embed_images_in_emails -> secure_uploads_allow_embed_images_in_emails * secure_media_max_email_embed_image_size_kb -> secure_uploads_max_email_embed_image_size_kb
2022-09-29 07:24:33 +08:00
<div class="secure-upload-notice" data-stripped-secure-upload="#{url}" #{data_onebox_type} #{data_width} #{data_height}>
#{I18n.t("emails.secure_uploads_placeholder")} <a class='stripped-secure-view-upload' href="#{url}">#{I18n.t("emails.view_redacted_media")}</a>.
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
</div>
HTML
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
end
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
def self.format_for_email(html, post = nil)
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
DiscourseEvent.trigger(:reduce_cooked, doc, post)
DEV: Rename with_secure_uploads? to should_secure_uploads? on Post (#26549) This method name is a bit confusing; with_secure_uploads implies it may return a block or something with the uploads of the post, and has_secure_uploads implies that it's checking whether the post is linked to any secure uploads. should_secure_uploads? communicates the true intent of this method -- which is to say whether uploads attached to this post should be secure or not.
2024-04-09 11:23:11 +08:00
strip_secure_uploads(doc) if post&.should_secure_uploads?
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
strip_image_wrapping(doc)
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
convert_vimeo_iframes(doc)
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
make_all_links_absolute(doc)
doc.to_html
FIX: emails with embedded posts should always use absolute URLs
2013-11-29 04:57:21 +08:00
end
refactor
2013-05-28 07:48:47 +08:00
protected
Initial release of Discourse
2013-02-06 03:16:51 +08:00
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
class JavaScriptError < StandardError
attr_accessor :message, :backtrace
def initialize(message, backtrace)
@message = message
@backtrace = backtrace
end
end
def self.protect
rval = nil
@mutex.synchronize { rval = yield }
rval
end
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
private
USER_TYPE ||= "user"
GROUP_TYPE ||= "group"
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
GROUP_MENTIONABLE_TYPE ||= "group-mentionable"
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
def self.add_mentions(doc, user_id: nil)
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
elements = doc.css("span.mention")
DEV: Remove unused variable.
2018-11-23 08:31:52 +08:00
names = elements.map { |element| element.text[1..-1] }
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
mentions = lookup_mentions(names, user_id: user_id)
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Ignore group mentions inside quotes (#8905) Also includes: * DEV: Reuse found elements
2020-02-11 01:31:42 +08:00
elements.each do |element|
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
name = element.text[1..-1]
name.downcase!
if type = mentions[name]
element.name = "a"
element.children = PrettyText::Helpers.format_username(element.children.text)
case type
when USER_TYPE
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element["href"] = "#{Discourse.base_path}/u/#{UrlHelper.encode_component(name)}"
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
when GROUP_MENTIONABLE_TYPE
element["class"] = "mention-group notify"
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element["href"] = "#{Discourse.base_path}/groups/#{UrlHelper.encode_component(name)}"
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
when GROUP_TYPE
element["class"] = "mention-group"
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element["href"] = "#{Discourse.base_path}/groups/#{UrlHelper.encode_component(name)}"
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
end
end
end
end
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
def self.lookup_mentions(names, user_id: nil)
Avoid DB query when there are no mentions.
2018-11-22 16:42:56 +08:00
return {} if names.blank?
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
sql = <<~SQL
(
SELECT
:user_type AS type,
username_lower AS name
FROM users
FIX: Staged users should not be mentionable.
2018-11-22 15:00:46 +08:00
WHERE username_lower IN (:names) AND staged = false
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
)
UNION
(
SELECT
:group_type AS type,
FIX: Fix mentions for mixed case group names
2018-11-26 23:34:56 +08:00
lower(name) AS name
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FROM groups
)
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
UNION
(
SELECT
:group_mentionable_type AS type,
lower(name) AS name
FROM groups
WHERE lower(name) IN (:names) AND (#{Group.mentionable_sql_clause(include_public: false)})
)
ORDER BY type
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
SQL
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
user = User.find_by(id: user_id)
FIX: Mention lookup should be case insensitive.
2018-11-22 16:32:56 +08:00
names.each(&:downcase!)
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
results =
DB.query(
sql,
names: names,
user_type: USER_TYPE,
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
group_type: GROUP_TYPE,
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
group_mentionable_type: GROUP_MENTIONABLE_TYPE,
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
levels: Group.alias_levels(user),
user_id: user_id,
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
)
mentions = {}
results.each { |result| mentions[result.name] = result.type }
mentions
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
def self.allowed_src_pattern
allowed_src_prefixes = [
Discourse.base_path,
Discourse.base_url,
GlobalSetting.s3_cdn_url,
GlobalSetting.cdn_url,
SiteSetting.external_emoji_url.presence,
*SiteSetting.block_hotlinked_media_exceptions.split("|"),
]
patterns =
allowed_src_prefixes.compact.map do |url|
pattern = Regexp.escape(url)
# If 'https://example.com' is allowed, ensure 'https://example.com.blah.com' is not
pattern += '(?:/|\z)' if !pattern.ends_with?("\/")
pattern
end
/\A(data:|#{patterns.join("|")})/
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
Reference in New Issue Copy Permalink