Replaces deckar01-task_list gem with commonmarks tasklist extension (#42602).

git-svn-id: https://svn.redmine.org/redmine/trunk@23718 e93f8b46-1217-0410-a6f0-8f06a7374b81
Marius Balteanu
2025-04-27 06:58:32 +00:00
parent 235179d13a
commit 6faaf3d038
6 changed files with 72 additions and 14 deletions


@@ -49,7 +49,6 @@ end
# Optional CommonMark support, not for JRuby
group :common_mark do
gem "commonmarker", '~> 2.3.0'
gem 'deckar01-task_list', '2.3.2'
end
# Include database gems for the adapters found in the database


@@ -1611,10 +1611,11 @@ a.wiki-anchor:hover { color: #aaa !important; text-decoration: none; }
h1:hover a.wiki-anchor, h2:hover a.wiki-anchor, h3:hover a.wiki-anchor, h4:hover a.wiki-anchor, h5:hover a.wiki-anchor, h6:hover a.wiki-anchor { display: inline; color: #ddd; }
div.wiki img {vertical-align:middle; max-width:100%;}
div.wiki>.task-list {
padding-left: 0px;
div.wiki>.contains-task-list {
padding-left: 0;
}
div.wiki .task-list {
div.wiki .contains-task-list {
list-style-type: none;
}
div.wiki .task-list input.task-list-item-checkbox {
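Review bot: The last rule shown here, `div.wiki .task-list input.task-list-item-checkbox`, is still keyed to `.task-list` while the two rules above it move to `.contains-task-list`. The formatter test in this commit expects the list to render as `<ul class="contains-task-list">`, and a `.task-list` selector matches neither that class nor `task-list-item`, so the checkbox rule appears to stop applying. Changing the selector to `div.wiki .contains-task-list input.task-list-item-checkbox` would keep it in step. The rule's body is outside the hunk, so confirm against the full stylesheet.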


@@ -18,7 +18,6 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
require 'html/pipeline'
require 'task_list/filter'
module Redmine
module WikiFormatting
@@ -33,7 +32,7 @@ module Redmine
autolink: true,
footnotes: true,
header_ids: nil,
tasklist: false,
tasklist: true,
shortcodes: false,
}.freeze,
@@ -46,6 +45,7 @@ module Redmine
unsafe: true,
github_pre_lang: false,
hardbreaks: Redmine::Configuration['common_mark_enable_hardbreaks'] == true,
tasklist_classes: true,
}.freeze,
commonmarker_plugins: {
syntax_highlighter: nil
@@ -57,8 +57,7 @@ module Redmine
SanitizationFilter,
SyntaxHighlightFilter,
FixupAutoLinksFilter,
ExternalLinksFilter,
TaskList::Filter
ExternalLinksFilter
], PIPELINE_CONFIG
class Formatter
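Review bot: The new `tasklist: true` and `tasklist_classes: true` options have no comment, yet they change where task-list checkboxes are created. The removed `TaskList::Filter` was the last entry in the filter list, after `SanitizationFilter`; the renderer now emits the `<input>` before sanitization. With `unsafe: true` in the same options hash, the sanitizer allowlist becomes the only gate for `<input>` markup. The class names produced here must also stay identical to the strings the sanitizer and the stylesheet compare against. I would add above `tasklist_classes: true` a comment such as `# emits the contains-task-list / task-list-item classes; the sanitizer transformers and the wiki CSS match these exact names`.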


@@ -78,20 +78,58 @@ module Redmine
# allowlist[:attributes]["td"] = %w(style)
# allowlist[:css] = { properties: ["text-align"] }
# Allow `id` in a and li elements for footnotes
# and remove any `id` properties not matching for footnotes
# Allow `id` in a elements for footnotes
allowlist[:attributes]["a"].push "id"
allowlist[:attributes]["li"] = %w(id)
# Remove any `id` property not matching for footnotes
allowlist[:transformers].push lambda{|env|
node = env[:node]
return unless node.name == "a" || node.name == "li"
return unless node.name == "a"
return unless node.has_attribute?("id")
return if node.name == "a" && node["id"] =~ /\Afnref-\d+\z/
return if node.name == "li" && node["id"] =~ /\Afn-\d+\z/
node.remove_attribute("id")
}
# allow `id` in li element for footnotes
# allow `class` in li element for task list items
allowlist[:attributes]["li"] = %w(id class)
allowlist[:transformers].push lambda{|env|
node = env[:node]
return unless node.name == "li"
if node.has_attribute?("id") && !(node["id"] =~ /\Afn-\d+\z/)
node.remove_attribute("id")
end
if node.has_attribute?("class") && node["class"] != "task-list-item"
node.remove_attribute("class")
end
}
# allow input type = "checkbox" with class "task-list-item-checkbox"
# for task list items
allowlist[:elements].push('input')
allowlist[:attributes]["input"] = %w(class type)
allowlist[:transformers].push lambda{|env|
node = env[:node]
return unless node.name == "input"
return if node['type'] == "checkbox" && node['class'] == "task-list-item-checkbox"
node.replace(node.children)
}
# allow class "contains-task-list" on ul for task list items
allowlist[:attributes]["ul"] = %w(class)
allowlist[:transformers].push lambda{|env|
node = env[:node]
return unless node.name == "ul"
return if node["class"] == "contains-task-list"
node.remove_attribute("class")
}
# https://github.com/rgrove/sanitize/issues/209
allowlist[:protocols].delete("a")
allowlist[:transformers].push lambda{|env|
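Review bot: The `input` transformer keeps any element whose `type` is `checkbox` and whose `class` is exactly `task-list-item-checkbox`, but nothing in it requires `disabled`. The sanitizer test added in this commit confirms that `<input type="checkbox" class="task-list-item-checkbox">` passes through without it. Because the render options set `unsafe: true`, hand-written HTML reaches this sanitizer, so an author can place an enabled checkbox that looks like a task item but is not backed by the source text. If read-only checkboxes are the intent, the transformer could set it on the nodes it keeps, e.g. `node['disabled'] = 'disabled'` after the type/class check, provided `disabled` is permitted by the base allowlist, which is not visible here. The final `lambda` on the last line continues outside the hunk.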


@@ -287,7 +287,7 @@ class Redmine::WikiFormatting::CommonMark::FormatterTest < ActionView::TestCase
expected = <<~EXPECTED
<p>Task list:</p>
<ul class="task-list">
<ul class="contains-task-list">
<li class="task-list-item">
<input type="checkbox" class="task-list-item-checkbox" disabled> Task 1
</li>


@@ -35,4 +35,25 @@ class Redmine::WikiFormatting::HtmlSanitizerTest < ActiveSupport::TestCase
input = %(<a href="javascript:alert('hello');">foo</a>)
assert_equal "<a>foo</a>", @sanitizer.call(input)
end
def test_should_be_strict_with_task_list_items
to_test = {
%(<input type="checkbox" class="">) => "",
%(<input type="checkbox" class="task-list-item-checkbox other">) => "",
%(<input type="checkbox" class="task-list-item-checkbox" id="item1">) => %(<input type="checkbox" class="task-list-item-checkbox">),
%(<input type="text" class="">) => "",
%(<input />) => "",
%(<ul class="other"></ul) => "<ul></ul>",
%(<ul class="contains-task-list"></ul) => "<ul class=\"contains-task-list\"></ul>",
%(<ul class="contains-task-list" id="list1"></ul) => "<ul class=\"contains-task-list\"></ul>",
%(<li class="other"></li>) => "",
%(<li id="other"></li>) => "",
%(<li class="task-list-item"></li>) => "",
%(<li class="task-list-item">Item 1</li>) => "Item 1",
}
to_test.each do |input, result|
assert_equal result, @sanitizer.call(input)
end
end
end
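Review bot: In `test_should_be_strict_with_task_list_items`, every `<li>` case expects the element itself to vanish (`""` or `"Item 1"`), so the new `li` transformer is never exercised on a surviving `li`. Nothing shows that `class="task-list-item"` or a footnote `id` is kept, or that another class is stripped. Presumably a bare `li` with no list parent is dropped earlier; wrapping the cases in a list, e.g. `%(<ul><li class="other">Item</li></ul>) => "<ul><li>Item</li></ul>"` (exact serialization to be confirmed), would cover it. The three `ul` inputs end in `</ul` without the closing `>`, which only works because the parser recovers. Passing `input` as the third argument to `assert_equal` would identify which case failed.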