diff --git a/app/helpers/markdownify_helper.rb b/app/helpers/markdownify_helper.rb index 89f09e521..13cb7c5cb 100644 --- a/app/helpers/markdownify_helper.rb +++ b/app/helpers/markdownify_helper.rb @@ -34,7 +34,7 @@ module MarkdownifyHelper renderer = Diaspora::Markdownify::HTML.new(render_options) markdown = Redcarpet::Markdown.new(renderer, markdown_options) - message = markdown.render(message) + message = markdown.render(message).html_safe if target.respond_to?(:format_mentions) message = target.format_mentions(message) diff --git a/lib/diaspora/markdownify.rb b/lib/diaspora/markdownify.rb index a5bed38e9..c57d8d495 100644 --- a/lib/diaspora/markdownify.rb +++ b/lib/diaspora/markdownify.rb @@ -100,6 +100,9 @@ module Diaspora end def paragraph(text) + #hax again... why is markdownify passing us nil? + text ||='' + if @newlines br = linebreak @@ -109,7 +112,7 @@ module Diaspora x =~ /\n{2}/ ? x : (x = x.strip; x << br) end end - return text + return "

#{text}

" end def preprocess(full_document) diff --git a/lib/diaspora/taggable.rb b/lib/diaspora/taggable.rb index 73f9d4b54..966851088 100644 --- a/lib/diaspora/taggable.rb +++ b/lib/diaspora/taggable.rb @@ -41,7 +41,7 @@ module Diaspora def self.format_tags(text, opts={}) return text if opts[:plain_text] text = ERB::Util.h(text) unless opts[:no_escape] - regex = /(^|\s)#(#{VALID_TAG_BODY})/ + regex = /(^|\s|>)#(#{VALID_TAG_BODY})/ form_message = text.to_str.gsub(regex) do |matched_string| "#{$~[1]}##{$~[2]}" end diff --git a/spec/helpers/markdownify_helper_spec.rb b/spec/helpers/markdownify_helper_spec.rb index 8be02519f..ab0fbdc9d 100644 --- a/spec/helpers/markdownify_helper_spec.rb +++ b/spec/helpers/markdownify_helper_spec.rb @@ -21,35 +21,35 @@ describe MarkdownifyHelper do describe "autolinks" do it "should not allow basic XSS/HTML" do - markdownify("").should == "<script>alert('XSS is evil')</script>" + markdownify("").should == "

<script>alert('XSS is evil')</script>

" end it "should recognize basic http links (1/3)" do proto="http" url="bugs.joindiaspora.com/issues/332" full_url = "#{proto}://#{url}" - markdownify(full_url).should == %Q{#{url}} + markdownify(full_url).should == %Q{

#{url}

} end it "should recognize basic http links (2/3)" do proto="http" url="webmail.example.com?~()!*/" full_url = "#{proto}://#{url}" - markdownify(full_url).should == %Q{#{url}} + markdownify(full_url).should == %Q{

#{url}

} end it "should recognize basic http links (3/3)" do proto="http" url="127.0.0.1:3000/users/sign_in" full_url = "#{proto}://#{url}" - markdownify(full_url).should == %Q{#{url}} + markdownify(full_url).should == %Q{

#{url}

} end it "should recognize secure https links" do proto="https" url="127.0.0.1:3000/users/sign_in" full_url = "#{proto}://#{url}" - markdownify(full_url).should == %Q{#{url}} + markdownify(full_url).should == %Q{

#{url}

} end it "doesn't muck up code text" do @@ -171,76 +171,76 @@ describe MarkdownifyHelper do proto="ftp" url="ftp.uni-kl.de/CCC/26C3/mp4/26c3-3540-en-a_hackers_utopia.mp4" # I did not watch that one, but the title sounds nice :P - markdownify(proto+"://"+url).should == ""+url+"" + markdownify(proto+"://"+url).should == "

"+url+"

" end it "should recognize www links" do url="www.joindiaspora.com" - markdownify(url).should == %Q{#{url}} + markdownify(url).should == %Q{

#{url}

} end end describe "specialchars" do it "replaces <3 with ♥" do message = "i <3 you" - markdownify(message).should == "i ♥ you" + markdownify(message).should == "

i ♥ you

" end it "replaces various things with (their) HTML entities" do message = "... <-> -> <- (tm) (r) (c)" - markdownify(message).should == "… ↔ → ← ™ ® ©" + markdownify(message).should == "

… ↔ → ← ™ ® ©

" end it "skips doing it if you say so" do message = "... -> <-" - markdownify(message, :specialchars => false).should == "... -> <-" + markdownify(message, :specialchars => false).should == "

... -> <-

" end end describe "weak emphasis" do it "should be recognized (1/2)" do message = "*some text* some text *some text* some text" - markdownify(message).should == "some text some text some text some text" + markdownify(message).should == "

some text some text some text some text

" end it "should be recognized (2/2)" do message = "_some text_ some text _some text_ some text" - markdownify(message).should == "some text some text some text some text" + markdownify(message).should == "

some text some text some text some text

" end end describe "strong emphasis" do it "should be recognized (1/2)" do message = "**some text** some text **some text** some text" - markdownify(message).should == "some text some text some text some text" + markdownify(message).should == "

some text some text some text some text

" end it "should be recognized (2/2)" do message = "__some text__ some text __some text__ some text" - markdownify(message).should == "some text some text some text some text" + markdownify(message).should == "

some text some text some text some text

" end end describe "nested weak and strong emphasis" do it "should be rendered correctly" do message = "__this is _some_ text__" - markdownify(message).should == "this is some text" + markdownify(message).should == "

this is some text

" message = "*this is **some** text*" - markdownify(message).should == "this is some text" + markdownify(message).should == "

this is some text

" message = "___some text___" - markdownify(message).should == "some text" + markdownify(message).should == "

some text

" end end describe "links" do it "should be recognized without title attribute" do message = "[link text](http://someurl.com) [link text](http://someurl.com)" - markdownify(message).should == 'link text link text' + markdownify(message).should == '

link text link text

' end it "should be recognized with title attribute" do message = '[link text](http://someurl.com "some title") [link text](http://someurl.com "some title")' - markdownify(message).should == 'link text link text' + markdownify(message).should == '

link text link text

' end it "should have a robust link parsing" do @@ -249,18 +249,18 @@ describe MarkdownifyHelper do link.should =~ %r{href="http://en.wikipedia.org/wiki/Text_%28literary_theory%29"} message = "[ links]( google.com)" - markdownify(message).should == %Q{links} + markdownify(message).should == %Q{

links

} message = "[_http_](http://google.com/search?q=with_multiple__underscores*and**asterisks )" - markdownify(message).should == %Q{http} + markdownify(message).should == %Q{

http

} message = %{[___FTP___]( ftp://ftp.uni-kl.de/CCC/26C3/mp4/26c3-3540-en-a_hackers_utopia.mp4 'File Transfer Protocol')} - markdownify(message).should == %{FTP} + markdownify(message).should == %{

FTP

} message = %{[**any protocol**](foo://bar.example.org/yes_it*makes*no_sense)} - markdownify(message).should == %{any protocol} + markdownify(message).should == %{

any protocol

} message = "This [ *text* ]( http://en.wikipedia.org/wiki/Text_(literary_theory) ) with many [ links]( google.com) tests [_http_](http://google.com/search?q=with_multiple__underscores*and**asterisks ), [___FTP___]( ftp://ftp.uni-kl.de/CCC/26C3/mp4/26c3-3540-en-a_hackers_utopia.mp4 'File Transfer Protocol'), [**any protocol**](foo://bar.example.org/yes_it*makes*no_sense)" - markdownify(message).should == 'This text with many links tests http, FTP, any protocol' + markdownify(message).should == '

This text with many links tests http, FTP, any protocol

' end end @@ -268,32 +268,32 @@ describe MarkdownifyHelper do describe "nested emphasis and links tags" do it "should be rendered correctly" do message = '[**some *link* text**](someurl.com "some title")' - markdownify(message).should == 'some link text' + markdownify(message).should == '

some link text

' end end it "should allow escaping" do message = '*some text* \*some text* \**some text* _some text_ \_some text_ \__some text_' - markdownify(message).should == "some text *some text* *some text some text _some text_ _some text" + markdownify(message).should == "

some text *some text* *some text some text _some text_ _some text

" end describe "newlines" do it 'skips inserting newlines if you pass the newlines option' do message = "These\nare\n\some\nnew\lines" res = markdownify(message, :newlines => false) - res.should == "#{message}" + res.should == "

#{message}

" end it 'generates breaklines' do message = "These\nare\nsome\nnew\nlines" res = markdownify(message) - res.should == "These
are
some
new
lines" + res.should == "

These
are
some
new
lines

" end it 'should render newlines and basic http links correctly' do message = "Some text, then a line break and a link\nhttp://joindiaspora.com\nsome more text" res = markdownify(message) - res.should == 'Some text, then a line break and a link
joindiaspora.com
some more text' + res.should == '

Some text, then a line break and a link
joindiaspora.com
some more text

' end end @@ -331,7 +331,7 @@ describe MarkdownifyHelper do context 'performance' do before do - @message = "HHello,Hello_, I _am a strong robot.*Hello, I am *a strong robot.Hello, I am a strong robot.Hello, I am a strong robot.Hello, I am a strong robot.Hello, I am a **strong robot.Hello, I am _a _strong *robot**.Hello*, I am a strong " + @message = "

HHello,Hello_, I _am a strong robot.*Hello, I am *a strong robot.Hello, I am a strong robot.Hello, I am a strong robot.Hello, I am a strong robot.Hello, I am a **strong robot.Hello, I am _a _strong *robot**.Hello*, I am a strong

" end it 'is sub millisecond' do