Commit dd159a75 authored by Nick Thomas's avatar Nick Thomas

Make search results use the markdown cache columns, treating them consistently

Truncato is introduced as a dependency to intelligently shorten the rendered
HTML to 200 characters; the previous approach could have resulted in invalid
HTML being rendered.
parent 109816c4
......@@ -110,6 +110,7 @@ gem 'creole', '~> 0.5.0'
gem 'wikicloth', '0.8.1'
gem 'asciidoctor', '~> 1.5.2'
gem 'rouge', '~> 2.0'
gem 'truncato', '~> 0.7.8'
# See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
# and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
......
......@@ -745,6 +745,9 @@ GEM
tilt (2.0.5)
timecop (0.8.1)
timfel-krb5-auth (0.8.3)
truncato (0.7.8)
htmlentities (~> 4.3.1)
nokogiri (~> 1.6.1)
turbolinks (2.5.3)
coffee-rails
tzinfo (1.2.2)
......@@ -971,6 +974,7 @@ DEPENDENCIES
test_after_commit (~> 0.4.2)
thin (~> 1.7.0)
timecop (~> 0.8.0)
truncato (~> 0.7.8)
turbolinks (~> 2.5.0)
u2f (~> 0.2.1)
uglifier (~> 2.7.2)
......
......@@ -153,8 +153,18 @@ module SearchHelper
search_path(options)
end
# Sanitize html generated after parsing markdown from issue description or comment
def search_md_sanitize(html)
# Sanitize a HTML field for search display. Most tags are stripped out and the
# maximum length is set to 200 characters.
def search_md_sanitize(object, field)
html = markdown_field(object, field)
html = Truncato.truncate(
html,
count_tags: false,
count_tail: false,
max_length: 200
)
# Truncato's filtered_tags and filtered_attributes are not quite the same
sanitize(html, tags: %w(a p ol ul li pre code))
end
end
......@@ -7,7 +7,7 @@
- if issue.description.present?
.description.term
= preserve do
= search_md_sanitize(markdown(truncate(issue.description, length: 200, separator: " "), { project: issue.project, author: issue.author }))
= search_md_sanitize(issue, :description)
%span.light
#{issue.project.name_with_namespace}
- if issue.closed?
......
......@@ -6,7 +6,7 @@
- if merge_request.description.present?
.description.term
= preserve do
= search_md_sanitize(markdown(merge_request.description, { project: merge_request.project, author: merge_request.author }))
= search_md_sanitize(merge_request, :description)
%span.light
#{merge_request.project.name_with_namespace}
.pull-right
......
......@@ -6,4 +6,4 @@
- if milestone.description.present?
.description.term
= preserve do
= search_md_sanitize(markdown(milestone.description))
= search_md_sanitize(milestone, :description)
......@@ -23,4 +23,4 @@
.note-search-result
.term
= preserve do
= search_md_sanitize(markdown(note.note, {no_header_anchors: true, author: note.author}))
= search_md_sanitize(note, :note)
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment