added trusted markdown renderer (for info)

2014-04-30 01:14:19 +02:00
parent 41382c3d0d
commit c109f8d23a
3 changed files with 29 additions and 3 deletions
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -85,6 +85,7 @@ class UsersController < ApplicationController
      if user_profile
        @user.uuid = user_profile["id"]
        @user.ign  = user_profile["name"] # correct case
+
        # TODO: uncomment when MC part works
        if true # validate_token(@user.uuid, @user.email, params[:registration_token])
          @user.last_ip = request.remote_ip # showing in mail
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -22,7 +22,32 @@ module ApplicationHelper
      safe_links_only: true,
      with_toc_data: true,
      hard_wrap: true,
-      link_attributes: {target: "_blank", rel: "nofollow"}
+      link_attributes: {rel: "nofollow"}
+    })
+    md = Redcarpet::Markdown.new(renderer, {
+      no_intra_emphasis: true,
+      tables: true,
+      fenced_code_blocks: true,
+      autolink: true,
+      strikethrough: true,
+      lax_spacing: true,
+      disable_indented_code_blocks: false,
+      space_after_headers: false,
+      superscript: true,
+      underline: true,
+      highlight: true,
+      footnotes: true
+    })
+    render_youtube(md.render(content))
+  end
+
+  def render_trusted_md(content)
+    renderer = Redcarpet::Render::HTML.new({
+      filter_html: false,
+      no_styles: false,
+      safe_links_only: false,
+      with_toc_data: true,
+      hard_wrap: true,
    })
    md = Redcarpet::Markdown.new(renderer, {
      no_intra_emphasis: true,
@@ -49,7 +74,7 @@ module ApplicationHelper
      safe_links_only: true,
      with_toc_data: false,
      hard_wrap: false,
-      link_attributes: {target: "_blank", rel: "nofollow"}
+      link_attributes: {rel: "nofollow"}
    })
    md = Redcarpet::Markdown.new(renderer, {
      no_intra_emphasis: true,
--- a/app/views/info/show.html.erb
+++ b/app/views/info/show.html.erb
@@ -2,4 +2,4 @@
 <%= link_to "Edit Info", edit_info_path(@info), class: "btn blue right" %>
 <div class="clear"></div>
 <h1><%= @info.title %></h1>
-<div class="post"><%= render_md(@info.content).html_safe %></div>
+<div class="post"><%= render_trusted_md(@info.content).html_safe %></div>