Module: PrettyText

Defined in:
lib/pretty_text.rb,
lib/pretty_text/helpers.rb

Defined Under Namespace

Modules: Helpers Classes: DetectedLink, JavaScriptError

Constant Summary collapse

DANGEROUS_BIDI_CHARACTERS = 
[
  "\u202A",
  "\u202B",
  "\u202C",
  "\u202D",
  "\u202E",
  "\u2066",
  "\u2067",
  "\u2068",
  "\u2069",
].freeze
DANGEROUS_BIDI_REGEXP = 
Regexp.new(DANGEROUS_BIDI_CHARACTERS.join("|")).freeze
BLOCKED_HOTLINKED_SRC_ATTR = 
"data-blocked-hotlinked-src"
BLOCKED_HOTLINKED_SRCSET_ATTR = 
"data-blocked-hotlinked-srcset"

Class Method Summary collapse

Class Method Details

.add_rel_attributes_to_user_content(doc, add_nofollow) ⇒ Object 



360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
 
# File 'lib/pretty_text.rb', line 360

def self.add_rel_attributes_to_user_content(doc, add_nofollow)
  allowlist = []

  domains = SiteSetting.exclude_rel_nofollow_domains
  allowlist = domains.split("|") if domains.present?

  site_uri = nil
  doc
    .css("a")
    .each do |l|
      href = l["href"].to_s
      l["rel"] = "noopener" if l["target"] == "_blank"

      begin
        uri = URI(UrlHelper.encode_component(href))
        site_uri ||= URI(Discourse.base_url)

        same_domain =
          !uri.host.present? || uri.host == site_uri.host ||
            uri.host.ends_with?(".#{site_uri.host}") ||
            allowlist.any? { |u| uri.host == u || uri.host.ends_with?(".#{u}") }

        l["rel"] = "noopener nofollow ugc" if add_nofollow && !same_domain
      rescue URI::Error
        # add a nofollow anyway
        l["rel"] = "noopener nofollow ugc"
      end
    end
end

.app_rootObject 



27
28
29
 
# File 'lib/pretty_text.rb', line 27

def self.app_root
  Rails.root
end

.apply_es6_file(ctx, root_path, part_name) ⇒ Object 



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/pretty_text.rb', line 47

def self.apply_es6_file(ctx, root_path, part_name)
  filename = find_file(root_path, part_name)
  if filename
    source = File.read("#{root_path}#{filename}")
    source = ERB.new(source).result(binding) if filename =~ /\.erb\z/

    transpiler = DiscourseJsProcessor::Transpiler.new
    transpiled = transpiler.perform(source, "#{Rails.root}/app/assets/javascripts/", part_name)
    ctx.eval(transpiled)
  else
    # Look for vendored stuff
    vendor_root = "#{Rails.root}/vendor/assets/javascripts/"
    filename = find_file(vendor_root, part_name)
    ctx.eval(File.read("#{vendor_root}#{filename}")) if filename
  end
end

.avatar_img(avatar_template, size) ⇒ Object

leaving this here, cause it invokes v8, don’t want to implement twice



257
258
259
260
261
262
263
264
 
# File 'lib/pretty_text.rb', line 257

def self.avatar_img(avatar_template, size)
  protect { v8.eval(<<~JS) }
      __optInput = {};
      __optInput.avatar_sizes = #{SiteSetting.avatar_sizes.to_json};
      __paths = #{paths_json};
      require("discourse-common/lib/avatar-utils").avatarImg({size: #{size.inspect}, avatarTemplate: #{avatar_template.inspect}}, __getURL);
    JS
end

.convert_hashtag_links_to_plaintext(doc) ⇒ Object 



479
480
481
482
483
 
# File 'lib/pretty_text.rb', line 479

def self.convert_hashtag_links_to_plaintext(doc)
  doc
    .css("a.hashtag-cooked")
    .each { |hashtag| hashtag.replace("##{hashtag.attributes["data-slug"]}") }
end

.convert_vimeo_iframes(doc) ⇒ Object 



521
522
523
524
525
526
527
528
529
530
531
532
533
 
# File 'lib/pretty_text.rb', line 521

def self.convert_vimeo_iframes(doc)
  doc
    .css("iframe[src*='player.vimeo.com']")
    .each do |iframe|
      if iframe["data-original-href"].present?
        vimeo_url = UrlHelper.normalized_encode(iframe["data-original-href"])
      else
        vimeo_id = iframe["src"].split("/").last.sub("?h=", "/")
        vimeo_url = "https://vimeo.com/#{vimeo_id}"
      end
      iframe.replace Nokogiri::HTML5.fragment("<p><a href='#{vimeo_url}'>#{vimeo_url}</a></p>")
    end
end

.cook(text, opts = {}) ⇒ Object 



298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
 
# File 'lib/pretty_text.rb', line 298

def self.cook(text, opts = {})
  options = opts.dup
  working_text = text.dup

  sanitized = markdown(working_text, options)

  doc = Nokogiri::HTML5.fragment(sanitized)

  add_nofollow = !options[:omit_nofollow] && SiteSetting.add_rel_nofollow_to_user_content
  add_rel_attributes_to_user_content(doc, add_nofollow)
  strip_hidden_unicode_bidirectional_characters(doc)
  sanitize_hotlinked_media(doc)

  add_mentions(doc, user_id: opts[:user_id]) if SiteSetting.enable_mentions

  scrubber = Loofah::Scrubber.new { |node| node.remove if node.name == "script" }
  loofah_fragment = Loofah.html5_fragment(doc.to_html)
  loofah_fragment.scrub!(scrubber).to_html
end

.create_es6_contextObject 



71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
# File 'lib/pretty_text.rb', line 71

def self.create_es6_context
  ctx = MiniRacer::Context.new(timeout: 25_000, ensure_gc_after_idle: 2000)

  ctx.eval("window = {}; window.devicePixelRatio = 2;") # hack to make code think stuff is retina

  ctx.attach("rails.logger.info", proc { |err| Rails.logger.info(err.to_s) })
  ctx.attach("rails.logger.warn", proc { |err| Rails.logger.warn(err.to_s) })
  ctx.attach("rails.logger.error", proc { |err| Rails.logger.error(err.to_s) })
  ctx.eval <<~JS
    console = {
      prefix: "[PrettyText] ",
      log: function(...args){ rails.logger.info(console.prefix + args.join(" ")); },
      warn: function(...args){ rails.logger.warn(console.prefix + args.join(" ")); },
      error: function(...args){ rails.logger.error(console.prefix + args.join(" ")); }
    }
  JS

  ctx.eval("__PRETTY_TEXT = true")

  PrettyText::Helpers.instance_methods.each do |method|
    ctx.attach("__helpers.#{method}", PrettyText::Helpers.method(method))
  end

  root_path = "#{Rails.root}/app/assets/javascripts/"
  ctx_load(ctx, "#{root_path}/node_modules/loader.js/dist/loader/loader.js")
  ctx_load(ctx, "#{root_path}/handlebars-shim.js")
  ctx_load(ctx, "#{root_path}/node_modules/xss/dist/xss.js")
  ctx.load("#{Rails.root}/lib/pretty_text/vendor-shims.js")
  ctx_load_directory(ctx, "pretty-text/addon")
  ctx_load_directory(ctx, "pretty-text/engines/discourse-markdown")
  ctx_load(ctx, "#{root_path}/node_modules/markdown-it/dist/markdown-it.js")

  apply_es6_file(ctx, root_path, "discourse-common/addon/lib/get-url")
  apply_es6_file(ctx, root_path, "discourse-common/addon/lib/object")
  apply_es6_file(ctx, root_path, "discourse-common/addon/lib/deprecated")
  apply_es6_file(ctx, root_path, "discourse-common/addon/lib/escape")
  apply_es6_file(ctx, root_path, "discourse-common/addon/lib/avatar-utils")
  apply_es6_file(ctx, root_path, "discourse-common/addon/utils/watched-words")
  apply_es6_file(ctx, root_path, "discourse/app/lib/to-markdown")

  ctx.load("#{Rails.root}/lib/pretty_text/shims.js")
  ctx.eval("__setUnicode(#{Emoji.unicode_replacements_json})")

  to_load = []
  DiscoursePluginRegistry.each_globbed_asset do |a|
    to_load << a if File.file?(a) && a =~ /discourse-markdown/
  end
  to_load.uniq.each do |f|
    if f =~ %r{\A.+assets/javascripts/}
      root = Regexp.last_match[0]
      apply_es6_file(ctx, root, f.sub(root, "").sub(/\.js(\.es6)?\z/, ""))
    end
  end

  DiscoursePluginRegistry.vendored_core_pretty_text.each { |vpt| ctx.eval(File.read(vpt)) }

  DiscoursePluginRegistry.vendored_pretty_text.each { |vpt| ctx.eval(File.read(vpt)) }

  ctx
end

.ctx_load_directory(ctx, path) ⇒ Object 



64
65
66
67
68
69
 
# File 'lib/pretty_text.rb', line 64

def self.ctx_load_directory(ctx, path)
  root_path = "#{Rails.root}/app/assets/javascripts/"
  Dir["#{root_path}#{path}/**/*"].sort.each do |f|
    apply_es6_file(ctx, root_path, f.sub(root_path, "").sub(/\.js(.es6)?\z/, ""))
  end
end

.escape_emoji(title) ⇒ Object 



285
286
287
288
289
290
291
292
293
294
295
296
 
# File 'lib/pretty_text.rb', line 285

def self.escape_emoji(title)
  return unless title

  replace_emoji_shortcuts = SiteSetting.enable_emoji && SiteSetting.enable_emoji_shortcuts

  protect { v8.eval(<<~JS) }
      __performEmojiEscape(#{title.inspect}, {
        emojiShortcuts: #{replace_emoji_shortcuts},
        inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
      });
    JS
end

.excerpt(html, max_length, options = {}) ⇒ Object 



467
468
469
470
471
472
473
474
475
476
477
 
# File 'lib/pretty_text.rb', line 467

def self.excerpt(html, max_length, options = {})
  # TODO: properly fix this HACK in ExcerptParser without introducing XSS
  doc = Nokogiri::HTML5.fragment(html)
  DiscourseEvent.trigger(:reduce_excerpt, doc, options)
  strip_image_wrapping(doc)
  strip_oneboxed_media(doc)
  convert_hashtag_links_to_plaintext(doc) if options[:plain_hashtags]

  html = doc.to_html
  ExcerptParser.get_excerpt(html, max_length, options)
end

.extract_links(html) ⇒ Object 



393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
 
# File 'lib/pretty_text.rb', line 393

def self.extract_links(html)
  links = []
  doc = Nokogiri::HTML5.fragment(html)

  # extract onebox links
  doc
    .css("aside.onebox[data-onebox-src]")
    .each { |onebox| links << DetectedLink.new(onebox["data-onebox-src"], false) }

  # remove href inside quotes & oneboxes & elided part
  doc.css("aside.quote a, aside.onebox a, .elided a").remove

  # remove hotlinked images
  doc.css("a.onebox > img").each { |img| img.parent.remove }

  # extract all links
  doc
    .css("a")
    .each do |a|
      links << DetectedLink.new(a["href"], false) if a["href"].present? && a["href"][0] != "#"
    end

  # extract quotes
  doc
    .css("aside.quote[data-topic]")
    .each do |aside|
      if aside["data-topic"].present?
        url = +"/t/#{aside["data-topic"]}"
        url << "/#{aside["data-post"]}" if aside["data-post"].present?
        links << DetectedLink.new(url, true)
      end
    end

  # extract Youtube links
  doc
    .css("div[data-video-id]")
    .each do |div|
      if div["data-video-id"].present? && div["data-provider-name"].present?
        base_url =
          case div["data-provider-name"]
          when "youtube"
            "https://www.youtube.com/watch?v="
          when "vimeo"
            "https://vimeo.com/"
          when "tiktok"
            "https://m.tiktok.com/v/"
          end
        links << DetectedLink.new(base_url + div["data-video-id"], false)
      end
    end

  links
end

.extract_mentions(cooked) ⇒ Object 



447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
 
# File 'lib/pretty_text.rb', line 447

def self.extract_mentions(cooked)
  mentions =
    cooked
      .css(".mention, .mention-group")
      .map do |e|
        if (name = e.inner_text)
          name = name[1..-1]
          name = User.normalize_username(name)
          name
        end
      end

  mentions =
    DiscoursePluginRegistry.apply_modifier(:pretty_text_extract_mentions, mentions, cooked)

  mentions.compact!
  mentions.uniq!
  mentions
end

.find_file(root, filename) ⇒ Object 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
 
# File 'lib/pretty_text.rb', line 31

def self.find_file(root, filename)
  return filename if File.file?("#{root}#{filename}")

  es6_name = "#{filename}.js.es6"
  return es6_name if File.file?("#{root}#{es6_name}")

  js_name = "#{filename}.js"
  return js_name if File.file?("#{root}#{js_name}")

  erb_name = "#{filename}.js.es6.erb"
  return erb_name if File.file?("#{root}#{erb_name}")

  erb_name = "#{filename}.js.erb"
  erb_name if File.file?("#{root}#{erb_name}")
end

.format_for_email(html, post = nil) ⇒ Object 



639
640
641
642
643
644
645
646
647
 
# File 'lib/pretty_text.rb', line 639

def self.format_for_email(html, post = nil)
  doc = Nokogiri::HTML5.fragment(html)
  DiscourseEvent.trigger(:reduce_cooked, doc, post)
  strip_secure_uploads(doc) if post&.with_secure_uploads?
  strip_image_wrapping(doc)
  convert_vimeo_iframes(doc)
  make_all_links_absolute(doc)
  doc.to_html
end

.make_all_links_absolute(doc) ⇒ Object 



494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
 
# File 'lib/pretty_text.rb', line 494

def self.make_all_links_absolute(doc)
  site_uri = nil
  doc
    .css("a")
    .each do |link|
      href = link["href"].to_s
      begin
        uri = URI(href)
        site_uri ||= URI(Discourse.base_url)
        unless uri.host.present? || href.start_with?("mailto")
          link["href"] = "#{site_uri}#{link["href"]}"
        end
      rescue URI::Error
        # leave it
      end
    end
end

.markdown(text, opts = {}) ⇒ Object

Acceptable options:

disable_emojis    - Disables the emoji markdown engine.
features          - A hash where the key is the markdown feature name and the value is a boolean to enable/disable the markdown feature.
                    The hash is merged into the default features set in pretty-text.js which can be used to add new features or disable existing features.
features_override - An array of markdown feature names to override the default markdown feature set. Currently used by plugins to customize what features should be enabled
                    when rendering markdown.
markdown_it_rules - An array of markdown rule names which will be applied to the markdown-it engine. Currently used by plugins to customize what markdown-it rules should be
                    enabled when rendering markdown.
topic_id          - Topic id for the post being cooked.
user_id           - User id for the post being cooked.
force_quote_link  - Always create the link to the quoted topic for [quote] bbcode. Normally this only happens
                    if the topic_id provided is different from the [quote topic:X].
hashtag_context   - Defaults to "topic-composer" if not supplied. Controls the order of #hashtag lookup results
                    based on registered hashtag contexts from the `#register_hashtag_search_param` plugin API
                    method.



171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
 
# File 'lib/pretty_text.rb', line 171

def self.markdown(text, opts = {})
  # we use the exact same markdown converter as the client
  # TODO: use the same extensions on both client and server (in particular the template for mentions)
  baked = nil
  text = text || ""

  protect do
    context = v8

    custom_emoji = {}
    Emoji.custom.map { |e| custom_emoji[e.name] = e.url }

    # note, any additional options added to __optInput here must be
    # also be added to the buildOptions function in pretty-text.js,
    # otherwise they will be discarded
    buffer = +<<~JS
      __optInput = {};
      __optInput.siteSettings = #{SiteSetting.client_settings_json};
      #{"__optInput.disableEmojis = true" if opts[:disable_emojis]}
      __paths = #{paths_json};
      __optInput.getURL = __getURL;
      #{"__optInput.features = #{opts[:features].to_json};" if opts[:features]}
      #{"__optInput.featuresOverride = #{opts[:features_override].to_json};" if opts[:features_override]}
      #{"__optInput.markdownItRules = #{opts[:markdown_it_rules].to_json};" if opts[:markdown_it_rules]}
      __optInput.getCurrentUser = __getCurrentUser;
      __optInput.lookupAvatar = __lookupAvatar;
      __optInput.lookupPrimaryUserGroup = __lookupPrimaryUserGroup;
      __optInput.formatUsername = __formatUsername;
      __optInput.getTopicInfo = __getTopicInfo;
      __optInput.hashtagLookup = __hashtagLookup;
      __optInput.customEmoji = #{custom_emoji.to_json};
      __optInput.customEmojiTranslation = #{Plugin::CustomEmoji.translations.to_json};
      __optInput.emojiUnicodeReplacer = __emojiUnicodeReplacer;
      __optInput.emojiDenyList = #{Emoji.denied.to_json};
      __optInput.lookupUploadUrls = __lookupUploadUrls;
      __optInput.censoredRegexp = #{WordWatcher.serializable_word_matcher_regexp(:censor, engine: :js).to_json};
      __optInput.watchedWordsReplace = #{WordWatcher.word_matcher_regexps(:replace, engine: :js).to_json};
      __optInput.watchedWordsLink = #{WordWatcher.word_matcher_regexps(:link, engine: :js).to_json};
      __optInput.additionalOptions = #{Site.markdown_additional_options.to_json};
      __optInput.avatar_sizes = #{SiteSetting.avatar_sizes.to_json};
    JS

    buffer << "__optInput.topicId = #{opts[:topic_id].to_i};\n" if opts[:topic_id]

    if opts[:force_quote_link]
      buffer << "__optInput.forceQuoteLink = #{opts[:force_quote_link]};\n"
    end

    buffer << "__optInput.userId = #{opts[:user_id].to_i};\n" if opts[:user_id]

    opts[:hashtag_context] = opts[:hashtag_context] || "topic-composer"
    hashtag_types_as_js =
      HashtagAutocompleteService
        .ordered_types_for_context(opts[:hashtag_context])
        .map { |t| "'#{t}'" }
        .join(",")
    buffer << "__optInput.hashtagTypesInPriorityOrder = [#{hashtag_types_as_js}];\n"
    buffer << "__optInput.hashtagIcons = #{HashtagAutocompleteService.data_source_icon_map.to_json};\n"

    buffer << "__textOptions = __buildOptions(__optInput);\n"
    buffer << ("__pt = new __PrettyText(__textOptions);")

    # Be careful disabling sanitization. We allow for custom emails
    buffer << ("__pt.disableSanitizer();") if opts[:sanitize] == false

    opts = context.eval(buffer)

    DiscourseEvent.trigger(:markdown_context, context)
    baked = context.eval("__pt.cook(#{text.inspect})")
  end

  baked
end

.paths_jsonObject 



245
246
247
248
249
250
251
252
253
254
 
# File 'lib/pretty_text.rb', line 245

def self.paths_json
  paths = { baseUri: Discourse.base_path, CDN: Rails.configuration.action_controller.asset_host }

  if SiteSetting.Upload.enable_s3_uploads
    paths[:S3CDN] = SiteSetting.Upload.s3_cdn_url if SiteSetting.Upload.s3_cdn_url.present?
    paths[:S3BaseUrl] = Discourse.store.absolute_base_url
  end

  paths.to_json
end

.reset_contextObject 



148
149
150
151
152
153
 
# File 'lib/pretty_text.rb', line 148

def self.reset_context
  @ctx_init.synchronize do
    @ctx&.dispose
    @ctx = nil
  end
end

.reset_translationsObject 



144
145
146
 
# File 'lib/pretty_text.rb', line 144

def self.reset_translations
  v8.eval("__resetTranslationTree()")
end

.sanitize_hotlinked_media(doc) ⇒ Object 



339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
 
# File 'lib/pretty_text.rb', line 339

def self.sanitize_hotlinked_media(doc)
  return if !SiteSetting.block_hotlinked_media

  allowed_pattern = allowed_src_pattern

  doc
    .css("img[src], source[src], source[srcset], track[src]")
    .each do |el|
      if el["src"] && !el["src"].match?(allowed_pattern)
        el[PrettyText::BLOCKED_HOTLINKED_SRC_ATTR] = el.delete("src")
      end

      if el["srcset"]
        srcs = el["srcset"].split(",").map { |e| e.split(" ", 2)[0].presence }
        if srcs.any? { |src| !src.match?(allowed_pattern) }
          el[PrettyText::BLOCKED_HOTLINKED_SRCSET_ATTR] = el.delete("srcset")
        end
      end
    end
end

.secure_uploads_placeholder(doc, url, onebox_type: false, width: nil, height: nil) ⇒ Object 



628
629
630
631
632
633
634
635
636
637
 
# File 'lib/pretty_text.rb', line 628

def self.secure_uploads_placeholder(doc, url, onebox_type: false, width: nil, height: nil)
  data_width = width ? "data-width=#{width}" : ""
  data_height = height ? "data-height=#{height}" : ""
  data_onebox_type = onebox_type ? "data-onebox-type='#{onebox_type}'" : ""
  <<~HTML
  <div class="secure-upload-notice" data-stripped-secure-upload="#{url}" #{data_onebox_type} #{data_width} #{data_height}>
    #{I18n.t("emails.secure_uploads_placeholder")} <a class='stripped-secure-view-upload' href="#{url}">#{I18n.t("emails.view_redacted_media")}</a>.
  </div>
  HTML
end

.strip_hidden_unicode_bidirectional_characters(doc) ⇒ Object 



318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
 
# File 'lib/pretty_text.rb', line 318

def self.strip_hidden_unicode_bidirectional_characters(doc)
  return if !DANGEROUS_BIDI_REGEXP.match?(doc.content)

  doc
    .css("code,pre")
    .each do |code_tag|
      next if !DANGEROUS_BIDI_REGEXP.match?(code_tag.content)

      DANGEROUS_BIDI_CHARACTERS.each do |bidi|
        next if !code_tag.content.include?(bidi)

        formatted = "&lt;U+#{bidi.ord.to_s(16).upcase}&gt;"
        code_tag.inner_html =
          code_tag.inner_html.gsub(
            bidi,
            "<span class=\"bidi-warning\" title=\"#{I18n.t("post.hidden_bidi_character")}\">#{formatted}</span>",
          )
      end
    end
end

.strip_image_wrapping(doc) ⇒ Object 



512
513
514
 
# File 'lib/pretty_text.rb', line 512

def self.strip_image_wrapping(doc)
  doc.css(".lightbox-wrapper .meta").remove
end

.strip_links(string) ⇒ Object 



485
486
487
488
489
490
491
492
 
# File 'lib/pretty_text.rb', line 485

def self.strip_links(string)
  return string if string.blank?

  # If the user is not basic, strip links from their bio
  fragment = Nokogiri::HTML5.fragment(string)
  fragment.css("a").each { |a| a.replace(a.inner_html) }
  fragment.to_html
end

.strip_oneboxed_media(doc) ⇒ Object 



516
517
518
519
 
# File 'lib/pretty_text.rb', line 516

def self.strip_oneboxed_media(doc)
  doc.css("audio").remove
  doc.css(".video-onebox,video").remove
end

.strip_secure_uploads(doc) ⇒ Object 



535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
 
# File 'lib/pretty_text.rb', line 535

def self.strip_secure_uploads(doc)
  # images inside a lightbox or other link
  doc
    .css("a[href]")
    .each do |a|
      next if !Upload.secure_uploads_url?(a["href"])

      non_image_media = %w[video audio].include?(a&.parent&.name)
      target = non_image_media ? a.parent : a
      if target.to_s.include?("stripped-secure-view-media") ||
           target.to_s.include?("stripped-secure-view-upload")
        next
      end

      next if a.css("img[src]").empty? && !non_image_media

      if a.classes.include?("lightbox")
        img = a.css("img[src]").first
        srcset = img&.attributes["srcset"]&.value
        if srcset
          # if available, use the first image from the srcset here
          # so we get the optimized image instead of the possibly huge original
          url = srcset.split(",").first
        else
          url = img["src"]
        end
        a.add_next_sibling secure_uploads_placeholder(
                             doc,
                             url,
                             width: img["width"],
                             height: img["height"],
                           )
        a.remove
      else
        width = non_image_media ? nil : a.at_css("img").attr("width")
        height = non_image_media ? nil : a.at_css("img").attr("height")
        target.add_next_sibling secure_uploads_placeholder(
                                  doc,
                                  a["href"],
                                  width: width,
                                  height: height,
                                )
        target.remove
      end
    end

  # images by themselves or inside a onebox
  doc
    .css("img[src]")
    .each do |img|
      url =
        if img.parent.classes.include?("aspect-image") && img.attributes["srcset"].present?
          # we are using the first image from the srcset here so we get the
          # optimized image instead of the original, because an optimized
          # image may be used for the onebox thumbnail
          srcset = img.attributes["srcset"].value
          srcset.split(",").first
        else
          img["src"]
        end

      width = img["width"]
      height = img["height"]
      onebox_type = nil

      if img.ancestors.css(".onebox-body").any?
        if img.classes.include?("onebox-avatar-inline")
          onebox_type = "avatar-inline"
        else
          onebox_type = "thumbnail"
        end
      end

      # we always want this to be tiny and without any special styles
      if img.classes.include?("site-icon")
        onebox_type = nil
        width = 16
        height = 16
      end

      if Upload.secure_uploads_url?(url)
        img.add_next_sibling secure_uploads_placeholder(
                               doc,
                               url,
                               onebox_type: onebox_type,
                               width: width,
                               height: height,
                             )
        img.remove
      end
    end
end

.unescape_emoji(title) ⇒ Object 



266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
 
# File 'lib/pretty_text.rb', line 266

def self.unescape_emoji(title)
  return title unless SiteSetting.enable_emoji? && title

  set = SiteSetting.emoji_set.inspect
  custom = Emoji.custom.map { |e| [e.name, e.url] }.to_h.to_json

  protect { v8.eval(<<~JS) }
      __paths = #{paths_json};
      __performEmojiUnescape(#{title.inspect}, {
        getURL: __getURL,
        emojiSet: #{set},
        emojiCDNUrl: "#{SiteSetting.external_emoji_url.blank? ? "" : SiteSetting.external_emoji_url}",
        customEmoji: #{custom},
        enableEmojiShortcuts: #{SiteSetting.enable_emoji_shortcuts},
        inlineEmoji: #{SiteSetting.enable_inline_emoji_translation}
      });
    JS
end

.v8Object 



132
133
134
135
136
137
138
139
140
141
142
 
# File 'lib/pretty_text.rb', line 132

def self.v8
  return @ctx if @ctx

  # ensure we only init one of these
  @ctx_init.synchronize do
    return @ctx if @ctx
    @ctx = create_es6_context
  end

  @ctx
end