github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2024-11-23 03:54:59 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
df264e49a9
discourse/lib/pretty_text.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

721 lines
23 KiB
Ruby
Raw Normal View History

DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
# frozen_string_literal: true
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
require 'mini_racer'
Initial release of Discourse
2013-02-06 03:16:51 +08:00
require 'nokogiri'
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
require 'erb'
Initial release of Discourse
2013-02-06 03:16:51 +08:00
module PrettyText
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
DANGEROUS_BIDI_CHARACTERS = [
"\u202A",
"\u202B",
"\u202C",
"\u202D",
"\u202E",
"\u2066",
"\u2067",
"\u2068",
"\u2069",
].freeze
DANGEROUS_BIDI_REGEXP = Regexp.new(DANGEROUS_BIDI_CHARACTERS.join("|")).freeze
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
BLOCKED_HOTLINKED_SRC_ATTR = "data-blocked-hotlinked-src"
BLOCKED_HOTLINKED_SRCSET_ATTR = "data-blocked-hotlinked-srcset"
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
@mutex = Mutex.new
@ctx_init = Mutex.new
Initial release of Discourse
2013-02-06 03:16:51 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
def self.app_root
Rails.root
end
fix failing server side quote localisation change
2013-07-16 15:48:48 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
def self.find_file(root, filename)
return filename if File.file?("#{root}#{filename}")
FIX: Quoting an avatar when `default_avatars` was set was broken.
2015-03-13 03:51:28 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
es6_name = "#{filename}.js.es6"
return es6_name if File.file?("#{root}#{es6_name}")
Initial release of Discourse
2013-02-06 03:16:51 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
js_name = "#{filename}.js"
return js_name if File.file?("#{root}#{js_name}")
FEATURE: add title expansion for off topic quotes
2015-09-25 11:35:14 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
erb_name = "#{filename}.js.es6.erb"
return erb_name if File.file?("#{root}#{erb_name}")
Migrate pretty-text to `.js` extensions (#9243)
2020-03-20 21:55:42 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
erb_name = "#{filename}.js.erb"
return erb_name if File.file?("#{root}#{erb_name}")
end
FEATURE: Autolinking to category using hashtags.
2015-12-28 14:28:16 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
def self.apply_es6_file(ctx, root_path, part_name)
filename = find_file(root_path, part_name)
if filename
source = File.read("#{root_path}#{filename}")
Support for transpiling `.js` files (#9160) * Remove some `.es6` from comments where it does not matter * Use a post processor for transpilation This will allow us to eventually use the directory structure to transpile rather than the extension. * FIX: Some errors and clean up in confirm-new-email It would throw an error if the webauthn element wasn't present. Also I changed things so that no-module is not explicitly referenced. * Remove `no-module` Instead we allow a magic comment: `// discourse-skip-module` to prevent the asset pipeline from creating a module. * DEV: Enable babel transpilation based on directory If it's in `app/assets/javascripts/dicourse` it will be transpiled even without the `.es6` extension. * REFACTOR: Remove Tilt/ES6ModuleTranspiler
2020-03-11 21:43:55 +08:00
source = ERB.new(source).result(binding) if filename =~ /\.erb$/
FEATURE: Merge tagging plugin into core
2016-04-26 03:55:15 +08:00
Support for transpiling `.js` files (#9160) * Remove some `.es6` from comments where it does not matter * Use a post processor for transpilation This will allow us to eventually use the directory structure to transpile rather than the extension. * FIX: Some errors and clean up in confirm-new-email It would throw an error if the webauthn element wasn't present. Also I changed things so that no-module is not explicitly referenced. * Remove `no-module` Instead we allow a magic comment: `// discourse-skip-module` to prevent the asset pipeline from creating a module. * DEV: Enable babel transpilation based on directory If it's in `app/assets/javascripts/dicourse` it will be transpiled even without the `.es6` extension. * REFACTOR: Remove Tilt/ES6ModuleTranspiler
2020-03-11 21:43:55 +08:00
transpiler = DiscourseJsProcessor::Transpiler.new
transpiled = transpiler.perform(source, "#{Rails.root}/app/assets/javascripts/", part_name)
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
ctx.eval(transpiled)
else
# Look for vendored stuff
vendor_root = "#{Rails.root}/vendor/assets/javascripts/"
filename = find_file(vendor_root, part_name)
if filename
ctx.eval(File.read("#{vendor_root}#{filename}"))
FEATURE: Merge tagging plugin into core
2016-04-26 03:55:15 +08:00
end
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
def self.ctx_load_manifest(ctx, name)
manifest = File.read("#{Rails.root}/app/assets/javascripts/#{name}")
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
root_path = "#{Rails.root}/app/assets/javascripts/"
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
manifest.each_line do |l|
chomp before regex manifest
2016-08-25 19:45:29 +08:00
l = l.chomp
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
if l =~ /\/\/= require (\.\/)?(.*)$/
apply_es6_file(ctx, root_path, Regexp.last_match[2])
elsif l =~ /\/\/= require_tree (\.\/)?(.*)$/
path = Regexp.last_match[2]
FIX: Travis failure
2016-08-11 01:20:39 +08:00
Dir["#{root_path}/#{path}/**"].sort.each do |f|
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
apply_es6_file(ctx, root_path, f.sub(root_path, '')[1..-1].sub(/\.js(.es6)?$/, ''))
end
end
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
end
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
end
def self.create_es6_context
PERF: ensure we run full GC on contexts Prior to this change we would never clear memory from contexts and rely on V8 reacting to pressure This could lead to bloating of PrettyText and Transpiler contexts This optimisations ensures that we will clear memory 2 seconds after the last eval on the context
2020-05-15 12:01:54 +08:00
ctx = MiniRacer::Context.new(timeout: 25000, ensure_gc_after_idle: 2000)
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
ctx.eval("window = {}; window.devicePixelRatio = 2;") # hack to make code think stuff is retina
DEV: Connect pretty-text console to the Rails logger (#15909) This will allow pretty text deprecations / errors / warnings to appear in the Rails logs, rather than disappearing silently. (implementation adapted from `discourse_js_processor.rb`)
2022-02-12 01:16:27 +08:00
ctx.attach("rails.logger.info", proc { |err| Rails.logger.info(err.to_s) })
ctx.attach("rails.logger.warn", proc { |err| Rails.logger.warn(err.to_s) })
ctx.attach("rails.logger.error", proc { |err| Rails.logger.error(err.to_s) })
ctx.eval <<~JS
console = {
prefix: "[PrettyText] ",
log: function(...args){ rails.logger.info(console.prefix + args.join(" ")); },
warn: function(...args){ rails.logger.warn(console.prefix + args.join(" ")); },
error: function(...args){ rails.logger.error(console.prefix + args.join(" ")); }
}
JS
Revert "Revert Ember.run refactors" This reverts commit fcb1ca52f96bdff1a49d558a4ffb18107d8334de.
2019-10-30 21:48:24 +08:00
ctx.eval("__PRETTY_TEXT = true")
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
DEV: import I18n instead of global usage (#9768) Co-authored-by: Mark VanLandingham <markvanlan@gmail.com> Co-authored-by: Robin Ward <robin.ward@gmail.com> Co-authored-by: Mark VanLandingham <markvanlan@gmail.com>
2020-05-14 04:23:41 +08:00
PrettyText::Helpers.instance_methods.each do |method|
ctx.attach("__helpers.#{method}", PrettyText::Helpers.method(method))
end
DEV: Remove obsolete parts of our custom loader (#17157)
2022-06-21 00:40:25 +08:00
ctx_load(ctx, "#{Rails.root}/app/assets/javascripts/mini-loader.js")
DEV: Support for `import Handlebars from 'handlebars'`; (#9600) * Remove Handlebars.SafeString usage * DEV: Support for `import Handlebars from 'handlebars'`; * FIX: Sprockets was broken when `node_modules` was present By default the old version of sprockets looks for application.js anywhere, including in a node_modules folder if this exists (which it will when we move to Ember CLI.)
2020-05-01 04:41:02 +08:00
ctx_load(ctx, "#{Rails.root}/app/assets/javascripts/handlebars-shim.js")
DEV: Update xss.js (#17216) * DEV: Update xss.js * Fix our hack
2022-06-24 10:28:05 +08:00
ctx_load(ctx, "#{Rails.root}/app/assets/javascripts/node_modules/xss/dist/xss.min.js")
FIX: Missing files from previous commit
2020-09-15 22:59:41 +08:00
ctx.load("#{Rails.root}/lib/pretty_text/vendor-shims.js")
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
ctx_load_manifest(ctx, "pretty-text-bundle.js")
Feature: Change markdown engine to markdown it This commit removes the old evilstreak markdownjs engine. - Adds specs to WhiteLister and changes it to stop using globals (Fixes large memory leak) - Fixes edge cases around bbcode handling - Removes mdtest which is no longer valid (to be replaced with CommonMark) - Updates MiniRacer to correct minor unmanaged memory leak - Fixes plugin specs
2017-07-14 20:27:28 +08:00
ctx_load_manifest(ctx, "markdown-it-bundle.js")
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
root_path = "#{Rails.root}/app/assets/javascripts/"
Initial release of Discourse
2013-02-06 03:16:51 +08:00
DEV: Move `Discourse.getURL` and related functions to a module (#9966) * DEV: Move `Discourse.getURL` and related functions to a module * DEV: Remove `Discourse.getURL` and `Discourse.getURLWithCDN` * FIX: `get-url` is required for server side code * DEV: Deprecate `BaseUri` too.
2020-06-04 00:45:26 +08:00
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/get-url")
REFACTOR: Remove `_.merge`
2020-09-02 23:52:54 +08:00
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/object")
FIX: pretty text allow list (#10977) Reword whitelist to allowlist in pretty-text. This library is used by plugins so we need deprecation notice.
2020-10-28 10:22:06 +08:00
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/deprecated")
FIX: Escape Font Awesome icons (#12421) This is not a security issue because regular users are not allowed to insert FA icons anywhere in the app. Admins can insert icons via custom badges, but they do have the ability to create themes with JS.
2021-03-17 21:11:40 +08:00
apply_es6_file(ctx, root_path, "discourse-common/addon/lib/escape")
Load missing libraries for server-side PrettyText
2018-05-05 17:21:07 +08:00
apply_es6_file(ctx, root_path, "discourse/app/lib/to-markdown")
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
apply_es6_file(ctx, root_path, "discourse/app/lib/utilities")
ctx.load("#{Rails.root}/lib/pretty_text/shims.js")
ctx.eval("__setUnicode(#{Emoji.unicode_replacements_json})")
Replace Markdown parser.
2013-08-09 06:14:12 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
to_load = []
DiscoursePluginRegistry.each_globbed_asset do |a|
to_load << a if File.file?(a) && a =~ /discourse-markdown/
end
to_load.uniq.each do |f|
if f =~ /^.+assets\/javascripts\//
root = Regexp.last_match[0]
apply_es6_file(ctx, root, f.sub(root, '').sub(/\.js(\.es6)?$/, ''))
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
end
FEATURE: adds support for loading existing core asset in pretty text
2018-04-10 14:37:16 +08:00
DiscoursePluginRegistry.vendored_core_pretty_text.each do |vpt|
ctx.eval(File.read(vpt))
end
Allow plugins to add vendored files for the text pipeline
2017-04-19 05:49:56 +08:00
DiscoursePluginRegistry.vendored_pretty_text.each do |vpt|
ctx.eval(File.read(vpt))
end
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
ctx
end
def self.v8
return @ctx if @ctx
# ensure we only init one of these
@ctx_init.synchronize do
return @ctx if @ctx
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
@ctx = create_es6_context
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
end
FEATURE: support email attachments
2014-04-15 04:55:57 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
@ctx
end
FIX: allows to have custom emoji translation without static file (#9893)
2020-05-28 02:11:52 +08:00
def self.reset_translations
v8.eval("__resetTranslationTree()")
end
FEATURE: attempt to recover from corrupt markdown engine
2014-11-14 14:51:04 +08:00
def self.reset_context
@ctx_init.synchronize do
Fix broken specs.
2017-07-20 12:17:45 +08:00
@ctx&.dispose
FEATURE: attempt to recover from corrupt markdown engine
2014-11-14 14:51:04 +08:00
@ctx = nil
end
end
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
# Acceptable options:
#
# disable_emojis - Disables the emoji markdown engine.
# features - A hash where the key is the markdown feature name and the value is a boolean to enable/disable the markdown feature.
# The hash is merged into the default features set in pretty-text.js which can be used to add new features or disable existing features.
# features_override - An array of markdown feature names to override the default markdown feature set. Currently used by plugins to customize what features should be enabled
# when rendering markdown.
# markdown_it_rules - An array of markdown rule names which will be applied to the markdown-it engine. Currently used by plugins to customize what markdown-it rules should be
# enabled when rendering markdown.
# topic_id - Topic id for the post being cooked.
# user_id - User id for the post being cooked.
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
# force_quote_link - Always create the link to the quoted topic for [quote] bbcode. Normally this only happens
# if the topic_id provided is different from the [quote topic:X].
FEATURE: Admins should be able to create polls even when plugin is disabled.
2016-07-07 15:52:56 +08:00
def self.markdown(text, opts = {})
Initial release of Discourse
2013-02-06 03:16:51 +08:00
# we use the exact same markdown converter as the client
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
# TODO: use the same extensions on both client and server (in particular the template for mentions)
Initial release of Discourse
2013-02-06 03:16:51 +08:00
baked = nil
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
text = text || ""
Initial release of Discourse
2013-02-06 03:16:51 +08:00
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
protect do
avoid calling v8 multiple times ( makes certain testing simpler)
2013-08-16 11:03:47 +08:00
context = v8
Upgraded and refactored Sanitizing. Much less crap should get through now! Conflicts: app/assets/javascripts/discourse/components/syntax_highlighting.js
2013-10-12 04:24:27 +08:00
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
custom_emoji = {}
FIX: custom emojis leaking over multisites
2016-11-18 02:35:39 +08:00
Emoji.custom.map { |e| custom_emoji[e.name] = e.url }
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
# note, any additional options added to __optInput here must be
# also be added to the buildOptions function in pretty-text.js,
# otherwise they will be discarded
DEV: enable frozen string literal on all files This reduces chances of errors where consumers of strings mutate inputs and reduces memory usage of the app. Test suite passes now, but there may be some stuff left, so we will run a few sites on a branch prior to merging
2019-05-03 06:17:27 +08:00
buffer = +<<~JS
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput = {};
__optInput.siteSettings = #{SiteSetting.client_settings_json};
DEV: Switch `InlineUploads` to a regexp based implementation.
2019-06-03 15:41:26 +08:00
#{"__optInput.disableEmojis = true" if opts[:disable_emojis]}
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
__paths = #{paths_json};
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getURL = __getURL;
FEATURE: Allow Markdown in post notices. (#7864)
2019-07-09 19:42:02 +08:00
#{"__optInput.features = #{opts[:features].to_json};" if opts[:features]}
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
#{"__optInput.featuresOverride = #{opts[:features_override].to_json};" if opts[:features_override]}
#{"__optInput.markdownItRules = #{opts[:markdown_it_rules].to_json};" if opts[:markdown_it_rules]}
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getCurrentUser = __getCurrentUser;
__optInput.lookupAvatar = __lookupAvatar;
Adds primary user group as a class to quote (#5285) * Adds primary user group as a class to quote This feature addition will add the class `group-PRIMARY_USER_GROUP` to the quote `aside`. `PRIMARY_USER_GROUP` will be the primary user group of the user being quoted. This is similar to the class that is added to a `topic-post`. * Remove trailing whitespace * Fix avatar in test * Address PR comments * Fix trailing whitespace
2017-11-03 21:51:40 +08:00
__optInput.lookupPrimaryUserGroup = __lookupPrimaryUserGroup;
Add quote and mention support for username formatters
2017-11-21 05:28:03 +08:00
__optInput.formatUsername = __formatUsername;
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
__optInput.getTopicInfo = __getTopicInfo;
__optInput.categoryHashtagLookup = __categoryLookup;
__optInput.customEmoji = #{custom_emoji.to_json};
FIX: allows to have custom emoji translation without static file (#9893)
2020-05-28 02:11:52 +08:00
__optInput.customEmojiTranslation = #{Plugin::CustomEmoji.translations.to_json};
implement unicode emoji replacements
2017-06-29 01:47:22 +08:00
__optInput.emojiUnicodeReplacer = __emojiUnicodeReplacer;
FEATURE: Support `[description|attachment](upload://<short-sha>)` in MD take 2. Previous attempt was missing `post_uploads` records.
2019-05-29 09:00:25 +08:00
__optInput.lookupUploadUrls = __lookupUploadUrls;
FIX: Various watched words improvements - Client-side censoring fixed for non-chrome browsers. (Regular expression rewritten to avoid lookback) - Regex generation is now done on the server, to reduce repeated logic, and make it easier to extend in plugins - Censor tests are moved to ruby, to ensure everything works end-to-end - If "watched words regular expressions" is enabled, warn the admin when the generated regex is invalid
2019-08-01 01:33:49 +08:00
__optInput.censoredRegexp = #{WordWatcher.word_matcher_regexp(:censor)&.source.to_json};
FIX: Split link watched words from replace (#13196) It was not clear that replace watched words can be used to replace text with URLs. This introduces a new watched word type that makes it easier to understand.
2021-06-02 13:36:49 +08:00
__optInput.watchedWordsReplace = #{WordWatcher.word_matcher_regexps(:replace).to_json};
__optInput.watchedWordsLink = #{WordWatcher.word_matcher_regexps(:link).to_json};
DEV: Add markdown_additional_options to Site (#15738) Sometimes plugins need to have additional data or options available when rendering custom markdown features/rules that are not available on the default opts.discourse object. These additional options should be namespaced to the plugin adding them. ``` Site.markdown_additional_options["chat"] = { limited_pretty_text_markdown_rules: [] } ``` These are passed down to markdown rules on opts.discourse.additionalOptions. The main motivation for adding this is the chat plugin, which currently stores chat_pretty_text_features and chat_pretty_text_markdown_rules on the Site object via additions to the serializer, and the Site object is not accessible to import via markdown rules (either through Site.current() or through container.lookup). So, to have this working for both front + backend code, we need to attach these additional options from the Site object onto the markdown options object.
2022-01-28 11:02:02 +08:00
__optInput.additionalOptions = #{Site.markdown_additional_options.to_json};
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
JS
FEATURE: Customizable rules and plugins for `PrettyText.markdown`. This commit extends the options which can be passed to `PrettyText.markdown` so that which Markdown-it rules and Discourse Markdown plugins to be used when rendering a text can be customizable. Currently, this extension is mainly used by plugins.
2022-01-06 15:27:12 +08:00
if opts[:topic_id]
buffer << "__optInput.topicId = #{opts[:topic_id].to_i};\n"
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
end
DEV: Add force_quote_link option to PrettyText (#16034) This option will make it so the [quote] bbcode will always include the HTML link to the quoted post, even if a topic_id is not provided in the PrettyText#cook options. This is so [quote] bbcode can be used in other places, like chat messages, that always need the link and do not have an "off-topic" ID to use.
2022-02-23 14:13:46 +08:00
if opts[:force_quote_link]
buffer << "__optInput.forceQuoteLink = #{opts[:force_quote_link]};\n"
end
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
if opts[:user_id]
buffer << "__optInput.userId = #{opts[:user_id].to_i};\n"
end
buffer << "__textOptions = __buildOptions(__optInput);\n"
Feature: Change markdown engine to markdown it This commit removes the old evilstreak markdownjs engine. - Adds specs to WhiteLister and changes it to stop using globals (Fixes large memory leak) - Fixes edge cases around bbcode handling - Removes mdtest which is no longer valid (to be replaced with CommonMark) - Updates MiniRacer to correct minor unmanaged memory leak - Fixes plugin specs
2017-07-14 20:27:28 +08:00
buffer << ("__pt = new __PrettyText(__textOptions);")
FIX: Allow disabling of sanitization (for email customiaztions)
2016-08-12 02:59:20 +08:00
# Be careful disabling sanitization. We allow for custom emails
if opts[:sanitize] == false
Feature: Change markdown engine to markdown it This commit removes the old evilstreak markdownjs engine. - Adds specs to WhiteLister and changes it to stop using globals (Fixes large memory leak) - Fixes edge cases around bbcode handling - Removes mdtest which is no longer valid (to be replaced with CommonMark) - Updates MiniRacer to correct minor unmanaged memory leak - Fixes plugin specs
2017-07-14 20:27:28 +08:00
buffer << ('__pt.disableSanitizer();')
FIX: Allow disabling of sanitization (for email customiaztions)
2016-08-12 02:59:20 +08:00
end
Feature: CommonMark support This adds the markdown.it engine to Discourse. https://github.com/markdown-it/markdown-it As the migration is going to take a while the new engine is default disabled. To enable it you must change the hidden site setting: enable_experimental_markdown_it. This commit is a squash of many other commits, it also includes some improvements to autospec (ability to run plugins), and a dev dependency on the og gem for html normalization.
2017-06-09 06:02:30 +08:00
opts = context.eval(buffer)
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
FEATURE: DiscourseEvent hook for server side markdown context.
2016-01-29 22:59:15 +08:00
DiscourseEvent.trigger(:markdown_context, context)
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
baked = context.eval("__pt.cook(#{text.inspect})")
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
baked
end
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
def self.paths_json
paths = {
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
baseUri: Discourse.base_path,
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
CDN: Rails.configuration.action_controller.asset_host,
}
if SiteSetting.Upload.enable_s3_uploads
if SiteSetting.Upload.s3_cdn_url.present?
paths[:S3CDN] = SiteSetting.Upload.s3_cdn_url
end
paths[:S3BaseUrl] = Discourse.store.absolute_base_url
end
paths.to_json
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
# leaving this here, cause it invokes v8, don't want to implement twice
custom avatar support
2013-08-14 04:08:29 +08:00
def self.avatar_img(avatar_template, size)
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
protect do
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
v8.eval(<<~JS)
__paths = #{paths_json};
__utils.avatarImg({size: #{size.inspect}, avatarTemplate: #{avatar_template.inspect}}, __getURL);
JS
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
end
FIX: unescape emojis in digests
2015-10-15 15:59:29 +08:00
def self.unescape_emoji(title)
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
return title unless SiteSetting.enable_emoji? && title
REFACTOR: Migrate markdown functionality in ES6
2016-06-15 02:31:51 +08:00
set = SiteSetting.emoji_set.inspect
FIX: Fixed custom emoji circumventing "max emojis in topic title" set… (#7116)
2019-03-06 19:49:17 +08:00
custom = Emoji.custom.map { |e| [e.name, e.url] }.to_h.to_json
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
FIX: unescape emojis in digests
2015-10-15 15:59:29 +08:00
protect do
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
v8.eval(<<~JS)
__paths = #{paths_json};
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
__performEmojiUnescape(#{title.inspect}, {
getURL: __getURL,
emojiSet: #{set},
FIX: Missing quote in emoji cdn setting caused by 83f332b (#12280)
2021-03-04 04:39:00 +08:00
emojiCDNUrl: "#{SiteSetting.external_emoji_url.blank? ? "" : SiteSetting.external_emoji_url}",
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
customEmoji: #{custom},
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
enableEmojiShortcuts: #{SiteSetting.enable_emoji_shortcuts},
inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
});
FIX: Paths used by PrettyText were not always initialized
2018-05-23 22:47:09 +08:00
JS
FIX: unescape emojis in digests
2015-10-15 15:59:29 +08:00
end
end
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
def self.escape_emoji(title)
return unless title
FIX: Don't convert :) into Emoji when emojis or emoji shurtcuts are disabled
2019-05-21 22:56:51 +08:00
replace_emoji_shortcuts = SiteSetting.enable_emoji && SiteSetting.enable_emoji_shortcuts
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
protect do
v8.eval(<<~JS)
FIX: Respect `enable_inline_emoji_translation` setting in titles
2019-12-04 00:32:33 +08:00
__performEmojiEscape(#{title.inspect}, {
emojiShortcuts: #{replace_emoji_shortcuts},
inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
});
UX: Better emoji escaping for topic title (#7218) * FIX: Fixed failing discourse-prometheus-alert-receiver plugin specs
2019-03-21 16:11:33 +08:00
JS
end
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
def self.cook(text, opts = {})
- FEATURE: revamped poll plugin - add User.staff scope - inject MessageBus into Ember views (so it can be used by the poll plugin) - REFACTOR: use more accurate is_first_post? method instead of post_number == 1 - FEATURE: add support for JSON-typed custom fields - FEATURE: allow plugins to add validation - FEATURE: add post_custom_fields to PostSerializer - FEATURE: allow plugins to whitelist post_custom_fields - FIX: don't bump when post did not save successfully - FEATURE: polls are supported in any post - FEATURE: allow for multiple polls in the same post - FEATURE: multiple choice polls - FEATURE: rating polls - FEATURE: new dialect allowing users to preview polls in the composer
2015-04-24 01:33:29 +08:00
options = opts.dup
PERF: Use a regexp for unicode replacements
2015-12-31 03:35:25 +08:00
working_text = text.dup
FEATURE: add censored_pattern setting to censor posts using regex
2016-11-09 05:36:34 +08:00
Remove censored_pattern site setting, which is replaced by watched words
2018-02-27 04:48:59 +08:00
sanitized = markdown(working_text, options)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(sanitized)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
add_nofollow = !options[:omit_nofollow] && SiteSetting.add_rel_nofollow_to_user_content
add_rel_attributes_to_user_content(doc, add_nofollow)
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
strip_hidden_unicode_bidirectional_characters(doc)
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
sanitize_hotlinked_media(doc)
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
if SiteSetting.enable_mentions
add_mentions(doc, user_id: opts[:user_id])
end
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
scrubber = Loofah::Scrubber.new do |node|
node.remove if node.name == 'script'
end
loofah_fragment = Loofah.fragment(doc.to_html)
loofah_fragment.scrub!(scrubber).to_html
FEATURE: allow users to pick a CDN for s3 assets
2015-05-26 09:13:12 +08:00
end
SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) When rendering the markdown code blocks we replace the offending characters in the output string with spans highlighting a textual representation of the character, along with a title attribute with information about why the character was highlighted. The list of characters stripped by this fix, which are the bidirectional characters considered relevant, are: U+202A U+202B U+202C U+202D U+202E U+2066 U+2067 U+2068 U+2069
2021-11-22 08:43:03 +08:00
def self.strip_hidden_unicode_bidirectional_characters(doc)
return if !DANGEROUS_BIDI_REGEXP.match?(doc.content)
doc.css("code,pre").each do |code_tag|
next if !DANGEROUS_BIDI_REGEXP.match?(code_tag.content)
DANGEROUS_BIDI_CHARACTERS.each do |bidi|
next if !code_tag.content.include?(bidi)
formatted = "&lt;U+#{bidi.ord.to_s(16).upcase}&gt;"
code_tag.inner_html = code_tag.inner_html.gsub(
bidi,
"<span class=\"bidi-warning\" title=\"#{I18n.t("post.hidden_bidi_character")}\">#{formatted}</span>"
)
end
end
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
def self.sanitize_hotlinked_media(doc)
return if !SiteSetting.block_hotlinked_media
allowed_pattern = allowed_src_pattern
doc.css("img[src], source[src], source[srcset], track[src]").each do |el|
if el["src"] && !el["src"].match?(allowed_pattern)
el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] = el.delete("src")
end
if el["srcset"]
srcs = el["srcset"].split(',').map { |e| e.split(' ', 2)[0].presence }
if srcs.any? { |src| !src.match?(allowed_pattern) }
el[PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR] = el.delete("srcset")
end
end
end
end
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
def self.add_rel_attributes_to_user_content(doc, add_nofollow)
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
allowlist = []
formatting
2013-02-11 16:01:33 +08:00
relocate emoji plugin, stop pre-compiling assets
2013-11-20 11:38:21 +08:00
domains = SiteSetting.exclude_rel_nofollow_domains
FIX: use allowlist and blocklist terminology (#10209) This is a PR of the renaming whitelist to allowlist and blacklist to the blocklist.
2020-07-27 08:23:54 +08:00
allowlist = domains.split('|') if domains.present?
formatting
2013-02-11 16:01:33 +08:00
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
site_uri = nil
doc.css("a").each do |l|
href = l["href"].to_s
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
l["rel"] = "noopener" if l["target"] == "_blank"
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
begin
FIX: remove deprecated URI.escape (#9697) During Nokogumbo changes I introduced back URI.escape which is deprecated.
2020-05-08 09:14:59 +08:00
uri = URI(UrlHelper.encode_component(href))
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
site_uri ||= URI(Discourse.base_url)
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
same_domain = !uri.host.present? ||
uri.host == site_uri.host ||
uri.host.ends_with?(".#{site_uri.host}") ||
allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }
l["rel"] = "noopener nofollow ugc" if add_nofollow && !same_domain
FIX: store the topic links using the cooked upload url
2018-08-14 18:23:32 +08:00
rescue URI::Error
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
# add a nofollow anyway
FIX: Make sure rel attributes are correctly set. (#10645) We must guarantee that "rel=noopener" was set if "target=_blank" is present, which is not always the case for trusted users. Also, if the link contains the "nofollow" attribute, it has to have the "ugc" attribute as well.
2020-09-10 23:59:51 +08:00
l["rel"] = "noopener nofollow ugc"
rel nofollow, on by default to protect forums from spam etc. we should consider lifting it at high trust by default.
2013-02-11 08:43:07 +08:00
end
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
class DetectedLink < Struct.new(:url, :is_quote); end
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
Initial release of Discourse
2013-02-06 03:16:51 +08:00
def self.extract_links(html)
links = []
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
FIX: Do not check for duplicate links in Onebox (#13345) If a user posted a URL that appeared inside a Onebox, then the user got a duplicate link notice. This was fixed by skipping those links in Ruby. If a user posted a URL that was Oneboxes and contained other links that appeared in previous posts, then the user got a duplicate link notice. This was fixed by skipping those links in JavaScript.
2021-06-18 23:55:24 +08:00
# extract onebox links
doc.css("aside.onebox[data-onebox-src]").each { |onebox| links << DetectedLink.new(onebox["data-onebox-src"], false) }
# remove href inside quotes & oneboxes & elided part
doc.css("aside.quote a, aside.onebox a, .elided a").remove
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
FIX: Improve top links section from user summary (#15675) * Do not extract links for hotlinked images * Include only links that have been clicked at least once in user summary
2022-01-24 08:33:23 +08:00
# remove hotlinked images
doc.css("a.onebox > img").each { |img| img.parent.remove }
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract all links
doc.css("a").each do |a|
DEV: stop freezing frozen strings We have the `# frozen_string_literal: true` comment on all our files. This means all string literals are frozen. There is no need to call #freeze on any literals. For files with `# frozen_string_literal: true` ``` puts %w{a b}[0].frozen? => true puts "hi".frozen? => true puts "a #{1} b".frozen? => true puts ("a " + "b").frozen? => false puts (-("a " + "b")).frozen? => true ``` For more details see: https://samsaffron.com/archive/2018/02/16/reducing-string-duplication-in-ruby
2020-04-30 14:48:34 +08:00
if a["href"].present? && a["href"][0] != "#"
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
links << DetectedLink.new(a["href"], false)
FEATURE: First Quote badge
2014-07-11 12:17:01 +08:00
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
end
remove trailing whitespaces :heart:
2013-02-26 00:42:20 +08:00
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract quotes
doc.css("aside.quote[data-topic]").each do |aside|
if aside["data-topic"].present?
FIX: Don't add a slug to constructed quote urls (#12052) A topic with the slug 'topic' might exist and may end up being linked to by mistake when malformed (i.e. cross-site) quotes are posted.
2021-02-12 02:21:13 +08:00
url = +"/t/#{aside["data-topic"]}"
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
url << "/#{aside["data-post"]}" if aside["data-post"].present?
links << DetectedLink.new(url, true)
Fix bug where links to posts weren't being tracked
2013-02-14 04:22:04 +08:00
end
end
FIX: wasn't extracting links to quoted posts
2017-02-06 21:45:04 +08:00
# extract Youtube links
doc.css("div[data-youtube-id]").each do |div|
if div["data-youtube-id"].present?
links << DetectedLink.new("https://www.youtube.com/watch?v=#{div['data-youtube-id']}", false)
end
FIX: Consider lazyYT divs as links when extracting
2016-09-23 04:50:05 +08:00
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
links
end
refactor
2013-05-28 07:48:47 +08:00
def self.excerpt(html, max_length, options = {})
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
# TODO: properly fix this HACK in ExcerptParser without introducing XSS
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
FEATURE: Implement Onebox for posts including polls. (#7539)
2019-05-29 23:05:52 +08:00
DiscourseEvent.trigger(:reduce_excerpt, doc, options)
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
strip_image_wrapping(doc)
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
strip_oneboxed_media(doc)
FIX: remove meta data from lightbox in both excerpt (html & text)
2014-11-06 03:37:00 +08:00
html = doc.to_html
refactor
2013-05-28 07:48:47 +08:00
ExcerptParser.get_excerpt(html, max_length, options)
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
FIX: Strip links from google indexed bios when the users are new.
2013-06-06 03:28:10 +08:00
def self.strip_links(string)
return string if string.blank?
# If the user is not basic, strip links from their bio
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
fragment = Nokogiri::HTML5.fragment(string)
SECURITY: Stripping links could unescape html fragments
2014-09-18 00:08:00 +08:00
fragment.css('a').each { |a| a.replace(a.inner_html) }
FIX: Strip links from google indexed bios when the users are new.
2013-06-06 03:28:10 +08:00
fragment.to_html
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
def self.make_all_links_absolute(doc)
site_uri = nil
doc.css("a").each do |link|
href = link["href"].to_s
begin
uri = URI(href)
site_uri ||= URI(Discourse.base_url)
FIX: broken mailto href's in emails
2018-06-09 01:11:52 +08:00
unless uri.host.present? || href.start_with?('mailto')
link["href"] = "#{site_uri}#{link['href']}"
fix indent
2018-06-09 01:56:20 +08:00
end
FIX: store the topic links using the cooked upload url
2018-08-14 18:23:32 +08:00
rescue URI::Error
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
# leave it
end
end
end
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
FIX: Don't include image meta data when embedded in an email
2014-04-18 00:32:51 +08:00
def self.strip_image_wrapping(doc)
doc.css(".lightbox-wrapper .meta").remove
end
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
def self.strip_oneboxed_media(doc)
doc.css("audio").remove
FIX: Strip video oneboxes from excerpts Follows up on 49843f327e88538a487d37b5d3c288da15b99908 and removes onebox markup for videos too in the excerpt, this was previously being counted as part of the excerpt length.
2020-02-18 02:52:23 +08:00
doc.css(".video-onebox,video").remove
FIX: Strip audio/video content from excerpt (#8881)
2020-02-07 04:08:13 +08:00
end
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
def self.convert_vimeo_iframes(doc)
doc.css("iframe[src*='player.vimeo.com']").each do |iframe|
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
if iframe["data-original-href"].present?
FIX: escape Vimeo iframe URL
2019-05-09 23:37:55 +08:00
vimeo_url = UrlHelper.escape_uri(iframe["data-original-href"])
FIX: get vimeo URL from `data-original-href` iframe attribute
2019-04-26 19:39:18 +08:00
else
vimeo_id = iframe['src'].split('/').last
vimeo_url = "https://vimeo.com/#{vimeo_id}"
end
FIX: Replace Vimeo iframes with a link in emails (#11443) This was implemented before, but it was not tested and broke at some point (probably Nokogiri update).
2020-12-09 20:58:36 +08:00
iframe.replace Nokogiri::HTML5.fragment("<p><a href='#{vimeo_url}'>#{vimeo_url}</a></p>")
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
end
end
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
def self.strip_secure_media(doc)
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# images inside a lightbox or other link
doc.css('a[href]').each do |a|
next if !Upload.secure_media_url?(a['href'])
non_image_media = %w(video audio).include?(a&.parent&.name)
target = non_image_media ? a.parent : a
next if target.to_s.include?('stripped-secure-view-media')
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
next if a.css('img[src]').empty? && !non_image_media
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
if a.classes.include?('lightbox')
img = a.css('img[src]').first
FIX: secure_media stripping on lightboxes, non-image links (#11121) - Fixes stripping of lightboxes with empty srcset attribute - Does not fail when email has links with secure media URLs but no child image elements
2020-11-05 04:45:50 +08:00
srcset = img&.attributes['srcset']&.value
if srcset
# if available, use the first image from the srcset here
# so we get the optimized image instead of the possibly huge original
url = srcset.split(',').first
else
url = img['src']
end
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
a.add_next_sibling secure_media_placeholder(doc, url, width: img['width'], height: img['height'])
a.remove
else
width = non_image_media ? nil : a.at_css('img').attr('width')
height = non_image_media ? nil : a.at_css('img').attr('height')
FIX: persist secure image width and height if is given (#10994) `max-width: 50%; max-height: 400px;` is a good fallback, however, if width and height are given and are smaller than fallback - we should persist that smaller size.
2020-10-22 10:25:09 +08:00
target.add_next_sibling secure_media_placeholder(doc, a['href'], width: width, height: height)
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
target.remove
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
end
end
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# images by themselves or inside a onebox
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
doc.css('img[src]').each do |img|
FIX: Safely skip secure_media steps when it's not enabled (#11110) * FIX: Safely skip secure_media steps when it's not enabled * DEV: Secure media tests should enable secure media
2020-11-04 00:53:15 +08:00
url = if img.parent.classes.include?("aspect-image") && img.attributes["srcset"].present?
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
# we are using the first image from the srcset here so we get the
# optimized image instead of the original, because an optimized
# image may be used for the onebox thumbnail
srcset = img.attributes["srcset"].value
srcset.split(",").first
else
img['src']
end
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
width = img['width']
height = img['height']
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
onebox_type = nil
if img.ancestors.css(".onebox-body").any?
if img.classes.include?("onebox-avatar-inline")
onebox_type = "avatar-inline"
else
onebox_type = "thumbnail"
end
end
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
# we always want this to be tiny and without any special styles
if img.classes.include?('site-icon')
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
onebox_type = nil
FIX: Make secure image onebox check more robust (#11179) When embedding secure images which have been oneboxed, we checked to see if the image's parent's parent had the class onebox-body. This was not always effective as if the image does not get resized/optimized then it does not have the aspect-image div wrapping it. This would cause the image to embed in the email but be huge. This PR changes the check to see if any of the image's ancestors have the class onebox-body, or if the image has the onebox-avatar class to account for variations in HTML structure.
2020-11-10 10:55:18 +08:00
width = 16
height = 16
end
FIX: Ensure oneboxed secure images which are optimized and also lightboxed optimized images are embedded in email (#11061) We had an issue where onebox thumbnail was too large and thus was optimized, and we are using the image URLs in post to redact and re-embed, based on the sha1 in the URL. Optimized image URLs have extra stuff on the end like _99x99 so we were not parsing out the sha1 correctly. Another issue I found was for posts that have giant images, the original was being used to embed in the email and thus would basically never get included because it is huge. For example the URL http://localhost:3000/secure-media-uploads/optimized/2X/7/787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg was not parsed correctly; we would end up with 787b17ea6140f4f022eb7f1509a692f2873cfe35_2_690x335.jpeg as the sha1 which would not find the image to re-embed that was already attached to the email. This fix will use the first optimized image of the detected upload when we are redacting and then re-embedding to make sure we are not sending giant things in email. Also, I detect if it is a onebox thumbnail or the site icon and force appropriate sizes and styles.
2020-11-02 07:52:21 +08:00
if Upload.secure_media_url?(url)
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
img.add_next_sibling secure_media_placeholder(doc, url, onebox_type: onebox_type, width: width, height: height)
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
img.remove
end
end
end
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
def self.secure_media_placeholder(doc, url, onebox_type: false, width: nil, height: nil)
FIX: persist secure image width and height if is given (#10994) `max-width: 50%; max-height: 400px;` is a good fallback, however, if width and height are given and are smaller than fallback - we should persist that smaller size.
2020-10-22 10:25:09 +08:00
data_width = width ? "data-width=#{width}" : ''
data_height = height ? "data-height=#{height}" : ''
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
data_onebox_type = onebox_type ? "data-onebox-type='#{onebox_type}'" : ''
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
<<~HTML
FIX: Inline avatar style for onebox when embedding secure images (#11229) When embedding secure images that are inline-avatars for oneboxes we weren't applying the correct sizing/style.
2020-11-16 07:58:40 +08:00
<div class="secure-media-notice" data-stripped-secure-media="#{url}" #{data_onebox_type} #{data_width} #{data_height}>
FEATURE: Allow email image embed with secure media (#10563) This PR introduces a few important changes to secure media redaction in emails. First of all, two new site settings have been introduced: * `secure_media_allow_embed_images_in_emails`: If enabled we will embed secure images in emails instead of redacting them. * `secure_media_max_email_embed_image_size_kb`: The cap to the size of the secure image we will embed, defaulting to 1mb, so the email does not become too big. Max is 10mb. Works in tandem with `email_total_attachment_size_limit_kb`. `Email::Sender` will now attach images to the email based on these settings. The sender will also call `inline_secure_images` in `Email::Styles` after secure media is redacted and attachments are added to replace redaction messages with attached images. I went with attachment and `cid` URLs because base64 image support is _still_ flaky in email clients. All redaction of secure media is now handled in `Email::Styles` and calls out to `PrettyText.strip_secure_media` to do the actual stripping and replacing with placeholders. `app/mailers/group_smtp_mailer.rb` and `app/mailers/user_notifications.rb` no longer do any stripping because they are earlier in the pipeline than `Email::Styles`. Finally the redaction notice has been restyled and includes a link to the media that the user can click, which will show it to them if they have the necessary permissions. ![image](https://user-images.githubusercontent.com/920448/92341012-b9a2c380-f0ff-11ea-860e-b376b4528357.png)
2020-09-10 07:50:16 +08:00
#{I18n.t('emails.secure_media_placeholder')} <a class='stripped-secure-view-media' href="#{url}">#{I18n.t("emails.view_redacted_media")}</a>.
</div>
HTML
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
end
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
def self.format_for_email(html, post = nil)
FEATURE: Nokogumbo (#9577) * FEATURE: Nokogumbo Use Nokogumbo HTML parser.
2020-05-05 11:46:57 +08:00
doc = Nokogiri::HTML5.fragment(html)
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
DiscourseEvent.trigger(:reduce_cooked, doc, post)
FEATURE: Add support for secure media (#7888) This PR introduces a new secure media setting. When enabled, it prevent unathorized access to media uploads (files of type image, video and audio). When the `login_required` setting is enabled, then all media uploads will be protected from unauthorized (anonymous) access. When `login_required`is disabled, only media in private messages will be protected from unauthorized access. A few notes: - the `prevent_anons_from_downloading_files` setting no longer applies to audio and video uploads - the `secure_media` setting can only be enabled if S3 uploads are already enabled and configured - upload records have a new column, `secure`, which is a boolean `true/false` of the upload's secure status - when creating a public post with an upload that has already been uploaded and is marked as secure, the post creator will raise an error - when enabling or disabling the setting on a site with existing uploads, the rake task `uploads:ensure_correct_acl` should be used to update all uploads' secure status and their ACL on S3
2019-11-18 09:25:42 +08:00
strip_secure_media(doc) if post&.with_secure_media?
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
strip_image_wrapping(doc)
FIX: format posts for embedded comments as we do for emails
2018-05-10 01:24:44 +08:00
convert_vimeo_iframes(doc)
Apply notification styles to mailing list email manually (#4283) * Apply notification styles to mailing list email manually * Fix failing spec
2016-06-21 23:12:30 +08:00
make_all_links_absolute(doc)
doc.to_html
FIX: emails with embedded posts should always use absolute URLs
2013-11-29 04:57:21 +08:00
end
refactor
2013-05-28 07:48:47 +08:00
protected
Initial release of Discourse
2013-02-06 03:16:51 +08:00
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
class JavaScriptError < StandardError
attr_accessor :message, :backtrace
def initialize(message, backtrace)
@message = message
@backtrace = backtrace
end
end
def self.protect
rval = nil
@mutex.synchronize do
FEATURE: upgrade from therubyracer to mini_racer This pushes our internal V8 JavaScript engine from Chrome 32 to 50. It also resolves some long standing issues we had with the old wrapper.
2016-05-19 20:25:08 +08:00
rval = yield
BUGFIX: JS errors could crash our process
2014-02-04 08:12:53 +08:00
end
rval
end
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
def self.ctx_load(ctx, *files)
refactor
2013-05-28 07:48:47 +08:00
files.each do |file|
Revert "Revert "eliminate a class of v8 initialization bugs due to concurrency in sidekiq"" This reverts commit f1a693c8b78c7367ea3a4e95d3c0bc922204545a.
2013-08-16 06:12:10 +08:00
ctx.load(app_root + file)
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
end
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
private
USER_TYPE ||= 'user'
GROUP_TYPE ||= 'group'
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
GROUP_MENTIONABLE_TYPE ||= 'group-mentionable'
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
def self.add_mentions(doc, user_id: nil)
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
elements = doc.css("span.mention")
DEV: Remove unused variable.
2018-11-23 08:31:52 +08:00
names = elements.map { |element| element.text[1..-1] }
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
mentions = lookup_mentions(names, user_id: user_id)
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FIX: Ignore group mentions inside quotes (#8905) Also includes: * DEV: Reuse found elements
2020-02-11 01:31:42 +08:00
elements.each do |element|
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
name = element.text[1..-1]
name.downcase!
if type = mentions[name]
element.name = 'a'
element.children = PrettyText::Helpers.format_username(
element.children.text
)
case type
when USER_TYPE
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element['href'] = "#{Discourse.base_path}/u/#{UrlHelper.encode_component(name)}"
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
when GROUP_MENTIONABLE_TYPE
element['class'] = 'mention-group notify'
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element['href'] = "#{Discourse.base_path}/groups/#{UrlHelper.encode_component(name)}"
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
when GROUP_TYPE
element['class'] = 'mention-group'
Replace `base_uri` with `base_path` (#10879) DEV: Replace instances of Discourse.base_uri with Discourse.base_path This is clearer because the base_uri is actually just a path prefix. This continues the work started in 555f467.
2020-10-09 19:51:24 +08:00
element['href'] = "#{Discourse.base_path}/groups/#{UrlHelper.encode_component(name)}"
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
end
end
end
end
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
def self.lookup_mentions(names, user_id: nil)
Avoid DB query when there are no mentions.
2018-11-22 16:42:56 +08:00
return {} if names.blank?
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
sql = <<~SQL
(
SELECT
:user_type AS type,
username_lower AS name
FROM users
FIX: Staged users should not be mentionable.
2018-11-22 15:00:46 +08:00
WHERE username_lower IN (:names) AND staged = false
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
)
UNION
(
SELECT
:group_type AS type,
FIX: Fix mentions for mixed case group names
2018-11-26 23:34:56 +08:00
lower(name) AS name
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
FROM groups
)
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
UNION
(
SELECT
:group_mentionable_type AS type,
lower(name) AS name
FROM groups
WHERE lower(name) IN (:names) AND (#{Group.mentionable_sql_clause(include_public: false)})
)
ORDER BY type
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
SQL
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
user = User.find_by(id: user_id)
FIX: Mention lookup should be case insensitive.
2018-11-22 16:32:56 +08:00
names.each(&:downcase!)
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
results = DB.query(sql,
names: names,
user_type: USER_TYPE,
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
group_type: GROUP_TYPE,
FIX: Group mentions were not being cooked the same was as previewed If a group mention could be notified on preview it was given an `<a>` tag with the `.notify` class. When cooked it would display differently. This patch makes the server side cooking match the client preview.
2020-02-19 04:45:02 +08:00
group_mentionable_type: GROUP_MENTIONABLE_TYPE,
FIX: Check whether group is mentionable by user when cooking post.
2018-11-22 16:01:03 +08:00
levels: Group.alias_levels(user),
user_id: user_id
PERF: Move mention lookups out of the V8 context. (#6640) We were looking up each mention one by one without any form of caching and that results in a problem somewhat similar to an N+1. When we have to do alot of DB lookups, it also increased the time spent in the V8 context which may eventually lead to a timeout. The change here makes it such that mention lookups only does a single DB query per post that happens outside of the V8 context.
2018-11-22 14:28:48 +08:00
)
mentions = {}
results.each { |result| mentions[result.name] = result.type }
mentions
end
FEATURE: Allow hotlinked media to be blocked (#16940) This commit introduces a new site setting: `block_hotlinked_media`. When enabled, all attempts to hotlink media (images, videos, and audio) will fail, and be replaced with a linked placeholder. Exceptions to the rule can be added via `block_hotlinked_media_exceptions`. `download_remote_image_to_local` can be used alongside this feature. In that case, hotlinked images will be blocked immediately when the post is created, but will then be replaced with the downloaded version a few seconds later. This implementation is purely server-side, and does not impact the composer preview. Technically, there are two stages to this feature: 1. `PrettyText.sanitize_hotlinked_media` is called during `PrettyText.cook`, and whenever new images are introduced by Onebox. It will iterate over all src/srcset attributes in the post HTML and check if they're allowed. If not, the attributes will be removed and replaced with a `data-blocked-hotlinked-src(set)` attribute 2. In the `CookedPostProcessor`, we iterate over all `data-blocked-hotlinked-src(set)` attributes and check whether we have a downloaded version of the media. If yes, we update the src to use the downloaded version. If not, the entire media element is replaced with a placeholder. The placeholder is labelled 'external media', and is a link to the offsite media.
2022-06-07 22:23:04 +08:00
def self.allowed_src_pattern
allowed_src_prefixes = [
Discourse.base_path,
Discourse.base_url,
GlobalSetting.s3_cdn_url,
GlobalSetting.cdn_url,
SiteSetting.external_emoji_url.presence,
*SiteSetting.block_hotlinked_media_exceptions.split("|")
]
patterns = allowed_src_prefixes.compact.map do |url|
pattern = Regexp.escape(url)
# If 'https://example.com' is allowed, ensure 'https://example.com.blah.com' is not
pattern += '(?:/|\z)' if !pattern.ends_with?("\/")
pattern
end
/\A(data:|#{patterns.join("|")})/
end
Initial release of Discourse
2013-02-06 03:16:51 +08:00
end
Reference in New Issue Copy Permalink