Merge pull request #12628 from CartoDB/12627-html-safe-mailto

Prevent markdown containing 'mailto' from opening a new browser tab
pull/12614/head
Alberto Romeu 7 years ago committed by GitHub
commit 6dc70e6719

@ -40,6 +40,8 @@ Development
* Mustache conditionals support improved in popups (#support/763)
### Bug fixes / enhancements
* Prevent a markdown with 'mailto' to open a new browser tab (#12628)
* Slider initialization waits for it to be attached to the DOM
* Fix timeseries animation for pixel styles (#12571)
* Change request order in user-actions (#12548)

@ -3,9 +3,17 @@ require_relative '../../models/markdown_render'
module Carto::HtmlSafe
def markdown_html_safe(text)
if text.present?
renderer = Redcarpet::Render::Safe.new(link_attributes: { target: '_blank' })
renderer = create_renderer(text)
markdown = Redcarpet::Markdown.new(renderer, extensions = {})
markdown.render text
markdown.render text
end
end
def create_renderer(text)
if mailto?(text)
Redcarpet::Render::Safe.new
else
Redcarpet::Render::Safe.new(link_attributes: { target: '_blank' })
end
end
@ -14,4 +22,8 @@ module Carto::HtmlSafe
markdown_html_safe(text).strip_tags
end
end
def mailto?(text)
text && text.include?('mailto:')
end
end
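Review bot: The `else` branch of `create_renderer` still puts `target="_blank"` on every link rendered from user-supplied markdown without a `rel` attribute, so in browsers that do not imply noopener the opened page keeps a `window.opener` reference to the originating tab. Consider `Redcarpet::Render::Safe.new(link_attributes: { target: '_blank', rel: 'noopener noreferrer' })`; the existing spec expectation for http links would need the same attribute. Separately, `mailto?` tests the whole text rather than each link, so a single `mailto:` substring anywhere, even in plain prose, appears to drop `target="_blank"` from every http link in that text. If that trade-off is intended, a comment on `mailto?` such as `# Text-wide check: any 'mailto:' disables target="_blank" for all links in this text` would make it explicit. The module body continues outside the hunks shown here.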

@ -10,4 +10,15 @@ describe Carto::HtmlSafe do
link = 'http://www.carto.com'
html_safe.markdown_html_safe("[text](#{link})").should eq "<p><a href=\"#{link}\" target=\"_blank\">text</a></p>\n"
end
it 'does not set target="blank" for mailto markdown' do
mailto = 'mailto:wadus@example.com'
html_safe.markdown_html_safe("[text](#{mailto})").should eq "<p><a href=\"#{mailto}\">text</a></p>\n"
end
it 'does not set target="blank" for mailto links' do
mail = 'wadus@example.com'
mailto = 'mailto:' + mail
html_safe.markdown_html_safe("<#{mailto}>").should eq "<p><a href=\"#{mailto}\">#{mail}</a></p>\n"
end
end
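Review bot: Both added examples use input whose only link is a mailto link, so nothing pins down what happens to an http link that shares the text with a `mailto:` occurrence. Since the helper chooses one renderer per text, an example such as `html_safe.markdown_html_safe("[a](http://www.carto.com) [b](mailto:wadus@example.com)")` with the intended output asserted would document whether the http link is meant to lose `target="_blank"`. The example descriptions also say `target="blank"` while the attribute under test is `_blank`. The `describe` block starts outside this hunk.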
