FIX: remove meta data from lightbox in both excerpt (html & text)

app/helpers/user_notifications_helper.rb

@@ -1,13 +1,5 @@
 module UserNotificationsHelper
 
-  def self.sanitize_options
-    return @sanitize_options if @sanitize_options
-    @sanitize_options = Sanitize::Config::RELAXED.deep_dup
-    @sanitize_options[:elements] << 'aside' << 'div'
-    @sanitize_options[:attributes][:all] << 'class'
-    @sanitize_options
-  end
-
   def indent(text, by=2)
     spacer = " " * by
     result = ""
@@ -57,21 +49,15 @@ module UserNotificationsHelper
   end
 
   def email_excerpt(html, posts_count)
-    # If there's only one post, include the whole thing.
+    # only include 1st paragraph when more than 1 posts
-    if posts_count == 1
+    html = first_paragraph_from(html).to_s if posts_count > 1
-      raw Sanitize.clean(html, UserNotificationsHelper.sanitize_options)
+    raw format_for_email(html)
-    else
-      # Otherwise, try just the first paragraph.
-      para = first_paragraph_from(html)
-      raw Sanitize.clean(para.to_s, UserNotificationsHelper.sanitize_options)
-    end
   end
 
-  def cooked_post_for_email(post)
+  def format_for_email(html)
-    PrettyText.format_for_email(post.cooked).html_safe
+    PrettyText.format_for_email(html).html_safe
   end
 
-
   def email_category(category, opts=nil)
     opts = opts || {}
 

app/views/email/_post.html.erb

@@ -10,7 +10,7 @@
       </td>
     </tr>
     <tr>
-      <td class='body'><%= cooked_post_for_email(post) %></td>
+      <td class='body'><%= format_for_email(post.cooked) %></td>
     </tr>
   </tbody>
 </table>

app/views/user_notifications/digest.text.erb

@@ -10,10 +10,7 @@
 <%= raw(@markdown_linker.create(t.title, t.relative_url)) %>
 
 <%- if t.best_post.present? %>
- <%= raw(t.best_post.excerpt(1000,
+ <%= raw(t.best_post.excerpt(1000, strip_links: true, text_entities: true, markdown_images: true)) %>
-                            strip_links: true,
-                            text_entities: true,
-                            markdown_images: true)) %>
 --------------------------------------------------------------------------------
 
 <%- end %>

lib/pretty_text.rb

@@ -241,6 +241,11 @@ module PrettyText
   end
 
   def self.excerpt(html, max_length, options={})
+    # TODO: properly fix this HACK in ExcerptParser without introducing XSS
+    doc = Nokogiri::HTML.fragment(html)
+    strip_image_wrapping(doc)
+    html = doc.to_html
+
     ExcerptParser.get_excerpt(html, max_length, options)
   end
 

spec/components/pretty_text_spec.rb

@@ -3,6 +3,9 @@ require 'pretty_text'
 
 describe PrettyText do
 
+  let(:wrapped_image) { "<div class=\"lightbox-wrapper\"><a href=\"//localhost:3000/uploads/default/4399/33691397e78b4d75.png\" class=\"lightbox\" title=\"Screen Shot 2014-04-14 at 9.47.10 PM.png\"><img src=\"//localhost:3000/uploads/default/_optimized/bd9/b20/bbbcd6a0c0_655x500.png\" width=\"655\" height=\"500\"><div class=\"meta\">\n<span class=\"filename\">Screen Shot 2014-04-14 at 9.47.10 PM.png</span><span class=\"informations\">966x737 1.47 MB</span><span class=\"expand\"></span>\n</div></a></div>" }
+  let(:wrapped_image_excerpt) {  }
+
   describe "Cooking" do
 
     describe "with avatar" do
@@ -111,6 +114,10 @@ describe PrettyText do
         PrettyText.excerpt("<div class='spoiler'><img src='http://cnn.com/a.gif'></div>", 100).should match_html "<span class='spoiler'>[image]</span>"
         PrettyText.excerpt("<span class='spoiler'>spoiler</div>", 100).should match_html "<span class='spoiler'>spoiler</span>"
       end
+
+      it "should remove meta informations" do
+        PrettyText.excerpt(wrapped_image, 100).should match_html "<a href='//localhost:3000/uploads/default/4399/33691397e78b4d75.png' class='lightbox' title='Screen Shot 2014-04-14 at 9.47.10 PM.png'>[image]</a>"
+      end
     end
 
     it "should have an option to strip links" do
@@ -276,10 +283,8 @@ describe PrettyText do
       strip_image_wrapping(html).should == html
     end
 
-    let(:wrapped_image) { "<div class=\"lightbox-wrapper\"><a href=\"//localhost:3000/uploads/default/4399/33691397e78b4d75.png\" class=\"lightbox\" title=\"Screen Shot 2014-04-14 at 9.47.10 PM.png\"><img src=\"//localhost:3000/uploads/default/_optimized/bd9/b20/bbbcd6a0c0_655x500.png\" width=\"655\" height=\"500\"><div class=\"meta\">\n<span class=\"filename\">Screen Shot 2014-04-14 at 9.47.10 PM.png</span><span class=\"informations\">966x737 1.47 MB</span><span class=\"expand\"></span>\n</div></a></div>" }
-
     it "strips the metadata" do
-      strip_image_wrapping(wrapped_image).should == "<div class=\"lightbox-wrapper\"><a href=\"//localhost:3000/uploads/default/4399/33691397e78b4d75.png\" class=\"lightbox\" title=\"Screen Shot 2014-04-14 at 9.47.10 PM.png\"><img src=\"//localhost:3000/uploads/default/_optimized/bd9/b20/bbbcd6a0c0_655x500.png\" width=\"655\" height=\"500\"></a></div>"
+      strip_image_wrapping(wrapped_image).should match_html "<div class=\"lightbox-wrapper\"><a href=\"//localhost:3000/uploads/default/4399/33691397e78b4d75.png\" class=\"lightbox\" title=\"Screen Shot 2014-04-14 at 9.47.10 PM.png\"><img src=\"//localhost:3000/uploads/default/_optimized/bd9/b20/bbbcd6a0c0_655x500.png\" width=\"655\" height=\"500\"></a></div>"
     end
   end