Make search results use the markdown cache columns, treating them consistently

Truncato is introduced as a dependency to intelligently shorten the rendered HTML to 200 characters; the previous approach could have resulted in invalid HTML being rendered.

Make search results use the markdown cache columns, treating them consistently
Truncato is introduced as a dependency to intelligently shorten the rendered HTML to 200 characters; the previous approach could have resulted in invalid HTML being rendered.
dd159a75 · Nick Thomas · 109816c4 · dd159a75 · dd159a75 · dd159a75
Commit dd159a75 authored Oct 06, 2016 by Nick Thomas
7 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -110,6 +110,7 @@ gem 'creole',             '~> 0.5.0'
 gem 'wikicloth',          '0.8.1'
 gem 'asciidoctor',        '~> 1.5.2'
 gem 'rouge',              '~> 2.0'
+gem 'truncato',           '~> 0.7.8'
 # See https://groups.google.com/forum/#!topic/ruby-security-ann/aSbgDiwb24s
 # and https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -745,6 +745,9 @@ GEM
    tilt (2.0.5)
    timecop (0.8.1)
    timfel-krb5-auth (0.8.3)
+    truncato (0.7.8)
+      htmlentities (~> 4.3.1)
+      nokogiri (~> 1.6.1)
    turbolinks (2.5.3)
      coffee-rails
    tzinfo (1.2.2)
@@ -971,6 +974,7 @@ DEPENDENCIES
  test_after_commit (~> 0.4.2)
  thin (~> 1.7.0)
  timecop (~> 0.8.0)
+  truncato (~> 0.7.8)
  turbolinks (~> 2.5.0)
  u2f (~> 0.2.1)
  uglifier (~> 2.7.2)

--- a/app/helpers/search_helper.rb
+++ b/app/helpers/search_helper.rb
@@ -153,8 +153,18 @@ module SearchHelper
    search_path(options)
  end
-  # Sanitize html generated after parsing markdown from issue description or comment
+  # Sanitize a HTML field for search display. Most tags are stripped out and the
-  def search_md_sanitize(html)
+  # maximum length is set to 200 characters.
+  def search_md_sanitize(object, field)
+    html = markdown_field(object, field)
+    html = Truncato.truncate(
+      html,
+      count_tags: false,
+      count_tail: false,
+      max_length: 200
+    )
+    # Truncato's filtered_tags and filtered_attributes are not quite the same
    sanitize(html, tags: %w(a p ol ul li pre code))
  end
 end
--- a/app/views/search/results/_issue.html.haml
+++ b/app/views/search/results/_issue.html.haml
@@ -7,7 +7,7 @@
  - if issue.description.present?
    .description.term
      = preserve do
-        = search_md_sanitize(markdown(truncate(issue.description, length: 200, separator: " "), { project: issue.project, author: issue.author }))
+        = search_md_sanitize(issue, :description)
  %span.light
    #{issue.project.name_with_namespace}
  - if issue.closed?

--- a/app/views/search/results/_merge_request.html.haml
+++ b/app/views/search/results/_merge_request.html.haml
@@ -6,7 +6,7 @@
  - if merge_request.description.present?
    .description.term
      = preserve do
-        = search_md_sanitize(markdown(merge_request.description, { project: merge_request.project, author: merge_request.author }))
+        = search_md_sanitize(merge_request, :description)
  %span.light
    #{merge_request.project.name_with_namespace}
  .pull-right

--- a/app/views/search/results/_milestone.html.haml
+++ b/app/views/search/results/_milestone.html.haml
@@ -6,4 +6,4 @@
  - if milestone.description.present?
    .description.term
      = preserve do
-        = search_md_sanitize(markdown(milestone.description))
+        = search_md_sanitize(milestone, :description)
--- a/app/views/search/results/_note.html.haml
+++ b/app/views/search/results/_note.html.haml
@@ -23,4 +23,4 @@
  .note-search-result
    .term
      = preserve do
-        = search_md_sanitize(markdown(note.note, {no_header_anchors: true, author: note.author}))
+        = search_md_sanitize(note, :note)