diff --git a/app/helpers/user_notifications_helper.rb b/app/helpers/user_notifications_helper.rb index a86871ba5b2..99807e2db4f 100644 --- a/app/helpers/user_notifications_helper.rb +++ b/app/helpers/user_notifications_helper.rb @@ -1,13 +1,5 @@ module UserNotificationsHelper - def self.sanitize_options - return @sanitize_options if @sanitize_options - @sanitize_options = Sanitize::Config::RELAXED.deep_dup - @sanitize_options[:elements] << 'aside' << 'div' - @sanitize_options[:attributes][:all] << 'class' - @sanitize_options - end - def indent(text, by=2) spacer = " " * by result = "" @@ -57,21 +49,15 @@ module UserNotificationsHelper end def email_excerpt(html, posts_count) - # If there's only one post, include the whole thing. - if posts_count == 1 - raw Sanitize.clean(html, UserNotificationsHelper.sanitize_options) - else - # Otherwise, try just the first paragraph. - para = first_paragraph_from(html) - raw Sanitize.clean(para.to_s, UserNotificationsHelper.sanitize_options) - end + # only include 1st paragraph when more than 1 posts + html = first_paragraph_from(html).to_s if posts_count > 1 + raw format_for_email(html) end - def cooked_post_for_email(post) - PrettyText.format_for_email(post.cooked).html_safe + def format_for_email(html) + PrettyText.format_for_email(html).html_safe end - def email_category(category, opts=nil) opts = opts || {} diff --git a/app/views/email/_post.html.erb b/app/views/email/_post.html.erb index 1a10b57f773..8cacf66f993 100644 --- a/app/views/email/_post.html.erb +++ b/app/views/email/_post.html.erb @@ -10,7 +10,7 @@ - <%= cooked_post_for_email(post) %> + <%= format_for_email(post.cooked) %> diff --git a/app/views/user_notifications/digest.text.erb b/app/views/user_notifications/digest.text.erb index f05ed22ff4a..b0735a373a7 100644 --- a/app/views/user_notifications/digest.text.erb +++ b/app/views/user_notifications/digest.text.erb 
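Review bot: In the second hunk of `user_notifications_helper.rb`, `format_for_email(html)` marks whatever string it receives as `html_safe`, and `email_excerpt` no longer runs its input through `Sanitize.clean`. Both helpers now rely on the caller passing already-cooked HTML and on `PrettyText.format_for_email` not reintroducing unsafe markup, and neither is visible in this diff. The old `cooked_post_for_email(post)` could only ever read `post.cooked`, so I would state the new contract above the method: `# html must be cooked (sanitized) post HTML; the result is marked html_safe and is NOT sanitized here`. A spec that passes `email_excerpt` markup containing a `<script>` element would pin down which layer is expected to strip it now that the helper-level sanitizer is gone. Separately, `if posts_count > 1` raises on a nil `posts_count` and sends the whole post for 0, where the old `== 1` / `else` took the first paragraph in both cases; `html = first_paragraph_from(html).to_s unless posts_count == 1` keeps the previous behaviour.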
@@ -10,10 +10,7 @@ <%= raw(@markdown_linker.create(t.title, t.relative_url)) %> <%- if t.best_post.present? %> - <%= raw(t.best_post.excerpt(1000, - strip_links: true, - text_entities: true, - markdown_images: true)) %> + <%= raw(t.best_post.excerpt(1000, strip_links: true, text_entities: true, markdown_images: true)) %> -------------------------------------------------------------------------------- <%- end %> diff --git a/lib/pretty_text.rb b/lib/pretty_text.rb index 6a1625b2dfe..2c4622815c6 100644 --- a/lib/pretty_text.rb +++ b/lib/pretty_text.rb @@ -241,6 +241,11 @@ module PrettyText end def self.excerpt(html, max_length, options={}) + # TODO: properly fix this HACK in ExcerptParser without introducing XSS + doc = Nokogiri::HTML.fragment(html) + strip_image_wrapping(doc) + html = doc.to_html + ExcerptParser.get_excerpt(html, max_length, options) end diff --git a/spec/components/pretty_text_spec.rb b/spec/components/pretty_text_spec.rb index 0a6857d69c3..76e5122121c 100644 --- a/spec/components/pretty_text_spec.rb +++ b/spec/components/pretty_text_spec.rb @@ -3,6 +3,9 @@ require 'pretty_text' describe PrettyText do + let(:wrapped_image) { "
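Review bot: The added lines in `PrettyText.excerpt` re-serialize the input with `doc.to_html` before `ExcerptParser.get_excerpt` sees it, and the TODO itself names XSS as the risk, yet the only spec added in this commit checks that a wrapped image becomes `[image]`. Callers such as `digest.text.erb` (touched in this same commit) emit the excerpt through `raw(...)`, so I would add a regression spec along the lines of `PrettyText.excerpt("<script>alert(1)</script>hi", 100).should_not include("<script")`. That way a later change to `strip_image_wrapping` or to Nokogiri's serialization cannot silently change what reaches the parser. Every excerpt is now parsed twice, and `Nokogiri::HTML.fragment(html)` is reached even for a nil or empty `html`; whether that path behaves as it did before is not visible here and is worth confirming. The TODO would be easier to act on if it said what the proper fix is, e.g. `# TODO: teach ExcerptParser to skip lightbox metadata so this pre-parse can be removed`.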
\nScreen Shot 2014-04-14 at 9.47.10 PM.png966x737 1.47 MB\n
" } + let(:wrapped_image_excerpt) { } + describe "Cooking" do describe "with avatar" do @@ -111,6 +114,10 @@ describe PrettyText do PrettyText.excerpt("
", 100).should match_html "[image]" PrettyText.excerpt("spoiler", 100).should match_html "spoiler" end + + it "should remove meta informations" do + PrettyText.excerpt(wrapped_image, 100).should match_html "[image]" + end end it "should have an option to strip links" do @@ -276,10 +283,8 @@ describe PrettyText do strip_image_wrapping(html).should == html end - let(:wrapped_image) { "
\nScreen Shot 2014-04-14 at 9.47.10 PM.png966x737 1.47 MB\n
" } - it "strips the metadata" do - strip_image_wrapping(wrapped_image).should == "
" + strip_image_wrapping(wrapped_image).should match_html "
" end end