From c109f8d23a8338625af2463deb35bbb5210e8d95 Mon Sep 17 00:00:00 2001
From: jomo
Date: Wed, 30 Apr 2014 01:14:19 +0200
Subject: [PATCH] added trusted markdown renderer (for info)
---
 app/controllers/users_controller.rb | 1 +
 app/helpers/application_helper.rb | 29 +++++++++++++++++++++++++++--
 app/views/info/show.html.erb | 2 +-
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index ef83b1d..69bee43 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -85,6 +85,7 @@ class UsersController < ApplicationController
 if user_profile
 @user.uuid = user_profile["id"]
 @user.ign = user_profile["name"] # correct case
+ # TODO: uncomment when MC part works
 if true # validate_token(@user.uuid, @user.email, params[:registration_token])
 @user.last_ip = request.remote_ip # showing in mail
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 1afeeaf..e001214 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -22,7 +22,32 @@ module ApplicationHelper
 safe_links_only: true,
 with_toc_data: true,
 hard_wrap: true,
- link_attributes: {target: "_blank", rel: "nofollow"}
+ link_attributes: {rel: "nofollow"}
+ })
+ md = Redcarpet::Markdown.new(renderer, {
+ no_intra_emphasis: true,
+ tables: true,
+ fenced_code_blocks: true,
+ autolink: true,
+ strikethrough: true,
+ lax_spacing: true,
+ disable_indented_code_blocks: false,
+ space_after_headers: false,
+ superscript: true,
+ underline: true,
+ highlight: true,
+ footnotes: true
+ })
+ render_youtube(md.render(content))
+ end
+
+ def render_trusted_md(content)
+ renderer = Redcarpet::Render::HTML.new({
+ filter_html: false,
+ no_styles: false,
+ safe_links_only: false,
+ with_toc_data: true,
+ hard_wrap: true,
 })
 md = Redcarpet::Markdown.new(renderer, {
 no_intra_emphasis: true,
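Review bot: The added TODO in users_controller.rb sits on an `if true` whose real condition, `validate_token(@user.uuid, @user.email, params[:registration_token])`, appears to be parked in the trailing comment, so registration currently proceeds without checking the token and only this comment tracks it. "Uncomment" also understates the fix, since the literal `true` has to be replaced by the call. A wording such as `# FIXME(security): registration token is NOT validated while the condition is a literal true; restore the validate_token call before release` makes the gap visible to anyone grepping for it. The enclosing action starts and ends outside the hunk, so what the branch guards is inferred from the visible lines only.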
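Review bot: `render_trusted_md` turns off `filter_html` and `safe_links_only`, so raw HTML and links of any scheme in `content` reach the page, and nothing in the helper states or enforces who may supply that content. The caller changed in app/views/info/show.html.erb marks the result `.html_safe`, so this becomes stored XSS unless only fully trusted accounts can edit an info page; the authorization behind the "Edit Info" link is not visible in this diff and should be confirmed. I would add a comment above the method such as `# SECURITY: emits unfiltered HTML and unrestricted link schemes; pass only admin-authored content, never user input.` The Markdown extension options are now repeated for each renderer and could live in one frozen constant so the trusted and untrusted paths cannot drift apart. The tail of `render_trusted_md` lies outside the hunk.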
@@ -49,7 +74,7 @@ module ApplicationHelper
 safe_links_only: true,
 with_toc_data: false,
 hard_wrap: false,
- link_attributes: {target: "_blank", rel: "nofollow"}
+ link_attributes: {rel: "nofollow"}
 })
 md = Redcarpet::Markdown.new(renderer, {
 no_intra_emphasis: true,
diff --git a/app/views/info/show.html.erb b/app/views/info/show.html.erb
index 2737f13..22196c2 100644
--- a/app/views/info/show.html.erb
+++ b/app/views/info/show.html.erb
@@ -2,4 +2,4 @@
 <%= link_to "Edit Info", edit_info_path(@info), class: "btn blue right" %>

<%= @info.title %>

-
<%= render_md(@info.content).html_safe %>
\ No newline at end of file +
<%= render_trusted_md(@info.content).html_safe %>
\ No newline at end of file