Merge branch 'unescaped-diffs' into 'master'

Make sure non-highlighted diffs are still escaped

Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/12521

See merge request !2544

app/controllers/projects/blob_controller.rb

@@ -52,7 +52,9 @@ class Projects::BlobController < Projects::ApplicationController
   def preview
     @content = params[:content]
     diffy = Diffy::Diff.new(@blob.data, @content, diff: '-U 3', include_diff_info: true)
-    @diff_lines = Gitlab::Diff::Parser.new.parse(diffy.diff.scan(/.*\n/))
+    diff_lines = diffy.diff.scan(/.*\n/)[2..-1]
+    diff_lines = Gitlab::Diff::Parser.new.parse(diff_lines)
+    @diff_lines = Gitlab::Diff::Highlight.new(diff_lines).highlight
 
     render layout: false
   end

app/models/note.rb

@@ -244,7 +244,7 @@ class Note < ActiveRecord::Base
     prev_match_line = nil
     prev_lines = []
 
-    diff_lines.each do |line|
+    highlighted_diff_lines.each do |line|
       if line.type == "match"
         prev_lines.clear
         prev_match_line = line
@@ -261,7 +261,11 @@ class Note < ActiveRecord::Base
   end
 
   def diff_lines
-    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines.to_a)
+    @diff_lines ||= Gitlab::Diff::Parser.new.parse(diff.diff.lines)
+  end
+
+  def highlighted_diff_lines
+    Gitlab::Diff::Highlight.new(diff_lines).highlight
   end
 
   def discussion_id

lib/gitlab/diff/highlight.rb

 module Gitlab
   module Diff
     class Highlight
-      attr_reader :diff_file
+      attr_reader :diff_file, :diff_lines, :raw_lines
 
       delegate :old_path, :new_path, :old_ref, :new_ref, to: :diff_file, prefix: :diff
 
-      def initialize(diff_file)
-        @diff_file = diff_file
-        @diff_lines = diff_file.diff_lines
+      def initialize(diff_lines)
+        if diff_lines.is_a?(Gitlab::Diff::File)
+          @diff_file = diff_lines
+          @diff_lines = @diff_file.diff_lines
+        else
+          @diff_lines = diff_lines
+        end
         @raw_lines = @diff_lines.map(&:text)
       end
 
@@ -31,7 +35,7 @@ module Gitlab
       private
 
       def highlight_line(diff_line, index)
-        return html_escape(diff_line.text) unless diff_file.diff_refs
+        return html_escape(diff_line.text) unless diff_file && diff_file.diff_refs
 
         line_prefix = diff_line.text.match(/\A(.)/) ? $1 : ' '
 
@@ -52,10 +56,12 @@ module Gitlab
       end
 
       def old_lines
+        return unless diff_file
         @old_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:old))
       end
 
       def new_lines
+        return unless diff_file
         @new_lines ||= Gitlab::Highlight.highlight_lines(*processing_args(:new))
       end