From 2b87f44b19a7ad9fc760469caa19d9659e3ebae0 Mon Sep 17 00:00:00 2001
From: ArtOfCode- <hello@artofcode.co.uk>
Date: Tue, 2 Jun 2020 12:13:52 +0100
Subject: [PATCH] Replace render calls with render_markdown helper

---
 Gemfile.lock                            | 7 +++++--
 app/controllers/answers_controller.rb   | 4 ++--
 app/controllers/posts_controller.rb     | 6 +++---
 app/controllers/questions_controller.rb | 2 +-
 app/controllers/users_controller.rb     | 2 +-
 app/helpers/application_helper.rb       | 6 ++++++
 app/views/answers/edit.html.erb         | 2 +-
 app/views/categories/index.html.erb     | 2 +-
 app/views/categories/show.html.erb      | 2 +-
 app/views/comments/_comment.html.erb    | 2 +-
 app/views/layouts/_sidebar.html.erb     | 2 +-
 app/views/posts/_form.html.erb          | 2 +-
 app/views/questions/edit.html.erb       | 2 +-
 app/views/questions/new.html.erb        | 2 +-
 app/views/questions/new_meta.html.erb   | 2 +-
 app/views/search/search.html.erb        | 2 +-
 16 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/Gemfile.lock b/Gemfile.lock
index a89c5080e..cb3590971 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -85,6 +85,8 @@ GEM
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
+    commonmarker (0.21.0)
+      ruby-enum (~> 0.5)
     concurrent-ruby (1.1.6)
     counter_culture (2.5.1)
       activerecord (>= 4.2)
@@ -193,7 +195,6 @@ GEM
     rb-fsevent (0.10.4)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    redcarpet (3.5.0)
     redis (4.1.4)
     responders (3.0.0)
       actionpack (>= 5.0)
@@ -217,6 +218,8 @@ GEM
       unicode-display_width (>= 1.4.0, < 2.0)
     rubocop-ast (0.0.3)
       parser (>= 2.7.0.1)
+    ruby-enum (0.8.0)
+      i18n
     ruby-progressbar (1.10.1)
     sass (3.7.4)
       sass-listen (~> 4.0.0)
@@ -287,6 +290,7 @@ DEPENDENCIES
   byebug (~> 11.1)
   chartkick (~> 3.3)
   coffee-rails (~> 4.2.2)
+  commonmarker (~> 0.21)
   counter_culture (~> 2.0)
   coveralls (~> 0.8)
   devise (~> 4.7)
@@ -304,7 +308,6 @@ DEPENDENCIES
   rails (~> 5.2)
   rails-controller-testing (~> 1.0)
   rails-html-sanitizer (~> 1.3)
-  redcarpet (~> 3.5)
   redis (~> 4.1)
   reverse_markdown (~> 2.0)
   rotp (~> 6.0)
diff --git a/app/controllers/answers_controller.rb b/app/controllers/answers_controller.rb
index 99a593713..53857f028 100644
--- a/app/controllers/answers_controller.rb
+++ b/app/controllers/answers_controller.rb
@@ -12,7 +12,7 @@ class AnswersController < ApplicationController
   def create
     @question = Question.find params[:id]
     @answer = Answer.new(answer_params.merge(parent: @question, user: current_user, score: 0,
-                                             body: AnswersController.renderer.render(params[:answer][:body_markdown]),
+                                             body: helpers.render_markdown(params[:answer][:body_markdown]),
                                              last_activity: DateTime.now, last_activity_by: current_user,
                                              category: @question.category))
     unless current_user.id == @question.user.id
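Review bot: The HTML returned by `helpers.render_markdown` is written straight into `body` with no sanitizer at the write site, whereas every view call site in this commit wraps the same helper in `sanitize(..., scrubber: ...)`. Whether the templates that later display `body` sanitize it is not visible in this diff, so the stored value should be treated as untrusted HTML derived from user input. If the display path does not already scrub it, sanitize before saving; otherwise record the contract next to the assignment, e.g. `# body holds unsanitized rendered HTML; views must sanitize before output`. The same applies to the update hunk in this file, the three hunks in app/controllers/posts_controller.rb, and the hunks in questions_controller.rb and users_controller.rb (`profile`). The body of `create` continues outside the hunk.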
@@ -36,7 +36,7 @@ class AnswersController < ApplicationController
 
     PostHistory.post_edited(@answer, current_user, before: @answer.body_markdown,
                             after: params[:answer][:body_markdown], comment: params[:edit_comment])
-    if @answer.update(answer_params.merge(body: AnswersController.renderer.render(params[:answer][:body_markdown]),
+    if @answer.update(answer_params.merge(body: helpers.render_markdown(params[:answer][:body_markdown]),
                                           last_activity: DateTime.now, last_activity_by: current_user))
       redirect_to url_for(controller: :questions, action: :show, id: @answer.parent.id)
     else
diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 2e8ac00a7..9fef3524b 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -18,7 +18,7 @@ class PostsController < ApplicationController
   def create
     @category = Category.find(params[:category_id])
     @post = Post.new(post_params.merge(category: @category, user: current_user, post_type_id: params[:post_type_id],
-                                       body: QuestionsController.renderer.render(params[:post][:body_markdown])))
+                                       body: helpers.render_markdown(params[:post][:body_markdown])))
 
     if @category.min_trust_level.present? && @category.min_trust_level > current_user.trust_level
       @post.errors.add(:base, "You don't have a high enough trust level to post in the #{@category.name} category.")
@@ -47,7 +47,7 @@ class PostsController < ApplicationController
         SiteSetting[setting_name] || '(No such setting)'
       end
     end
-    @post = Post.new(new_post_params.merge(body: QuestionsController.renderer.render(params[:post][:body_markdown]),
+    @post = Post.new(new_post_params.merge(body: helpers.render_markdown(params[:post][:body_markdown]),
                                            user: User.find(-1)))
 
     if @post.policy_doc? && !current_user&.is_admin
@@ -76,7 +76,7 @@ class PostsController < ApplicationController
       end
     end
     PostHistory.post_edited(@post, current_user, before: @post.body_markdown, after: params[:post][:body_markdown])
-    if @post.update(help_post_params.merge(body: QuestionsController.renderer.render(params[:post][:body_markdown]),
+    if @post.update(help_post_params.merge(body: helpers.render_markdown(params[:post][:body_markdown]),
                                            last_activity: DateTime.now, last_activity_by: current_user))
       redirect_to policy_path(slug: @post.doc_slug)
     else
diff --git a/app/controllers/questions_controller.rb b/app/controllers/questions_controller.rb
index 81990ce4c..cf9ce5ba2 100644
--- a/app/controllers/questions_controller.rb
+++ b/app/controllers/questions_controller.rb
@@ -64,7 +64,7 @@ class QuestionsController < ApplicationController
 
     PostHistory.post_edited(@question, current_user, before: @question.body_markdown,
                             after: params[:question][:body_markdown], comment: params[:edit_comment])
-    body_rendered = QuestionsController.renderer.render(params[:question][:body_markdown])
+    body_rendered = helpers.render_markdown(params[:question][:body_markdown])
     if @question.update(question_params.merge(tags_cache: params[:question][:tags_cache]&.reject(&:empty?),
                                               body: body_rendered, last_activity: DateTime.now,
                                               last_activity_by: current_user))
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index e07f98baa..5403a1b1d 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -116,7 +116,7 @@ class UsersController < ApplicationController
       @user.avatar.attach(params[:user][:avatar])
     end
 
-    profile_rendered = QuestionsController.renderer.render(profile_params[:profile_markdown])
+    profile_rendered = helpers.render_markdown(profile_params[:profile_markdown])
     if @user.update(profile_params.merge(profile: profile_rendered))
       flash[:success] = 'Your profile details were updated.'
     else
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 6c8b7c259..a04b180aa 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -54,4 +54,10 @@ module ApplicationHelper
              format: '%n%u' }.merge(opts)
     ActiveSupport::NumberHelper.number_to_human(*args, **opts)
   end
+
+  def render_markdown(md)
+    CommonMarker.render_html md,
+                             [:FOOTNOTES, :LIBERAL_HTML_TAG, :STRIKETHROUGH_DOUBLE_TILDE],
+                             [:table, :strikethrough, :autolink]
+  end
 end
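Review bot: `render_markdown` hands `md` to `CommonMarker.render_html` unchecked, and as far as I know that call raises a `TypeError` for anything that is not a String. A missing `params[...][:body_markdown]` or an unset `SiteSetting` value passed by the callers in this commit would then surface as a server error. Coercing at this single entry point avoids that: `CommonMarker.render_html md.to_s,`. The method should also carry a comment stating its contract, for example `# Returns unsanitized HTML; callers must pass the result through sanitize before output.`, and noting that the first array holds option flags and the second the extension list, since both are bare positional arguments.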
diff --git a/app/views/answers/edit.html.erb b/app/views/answers/edit.html.erb
index 84b984f4e..4ec360d86 100644
--- a/app/views/answers/edit.html.erb
+++ b/app/views/answers/edit.html.erb
@@ -40,7 +40,7 @@
     <h4 class="widget--header has-margin-0">Hints and Tips</h4>
     <div class="widget--body">
     <% guidance = @answer.category.answering_guidance_override || SiteSetting['AnsweringGuidance'] %>
-      <%= raw(sanitize(QuestionsController.renderer.render(guidance), scrubber: scrubber)) %>
+      <%= raw(sanitize(render_markdown(guidance), scrubber: scrubber)) %>
     </div>
   </div>
 <% end %>
diff --git a/app/views/categories/index.html.erb b/app/views/categories/index.html.erb
index 7db6fb6e9..2c507c1fe 100644
--- a/app/views/categories/index.html.erb
+++ b/app/views/categories/index.html.erb
@@ -6,7 +6,7 @@
     <div class="widget--body">
       <h3><%= cat.name %></h3>
       <% if cat.short_wiki.present? %>
-        <%= raw(sanitize(QuestionsController.renderer.render(cat.short_wiki), scrubber: scrubber)) %>
+        <%= raw(sanitize(render_markdown(cat.short_wiki), scrubber: scrubber)) %>
       <% end %>
       <% post_count = cat.posts.undeleted.count %>
       <span class="has-color-tertiary-500" title="<%= post_count %>">
diff --git a/app/views/categories/show.html.erb b/app/views/categories/show.html.erb
index 5fb77129b..4e2e09343 100644
--- a/app/views/categories/show.html.erb
+++ b/app/views/categories/show.html.erb
@@ -3,7 +3,7 @@
 <% if @category.short_wiki %>
   <div class="is-lead">
     <% cache [@category, 'description-rendered'] do %>
-      <%= raw(sanitize(QuestionsController.renderer.render(@category.short_wiki), scrubber: scrubber)) %>
+      <%= raw(sanitize(render_markdown(@category.short_wiki), scrubber: scrubber)) %>
     <% end %>
   </div>
 <% end %>
diff --git a/app/views/comments/_comment.html.erb b/app/views/comments/_comment.html.erb
index 25d71a9f0..e50c54ab7 100644
--- a/app/views/comments/_comment.html.erb
+++ b/app/views/comments/_comment.html.erb
@@ -1,6 +1,6 @@
 <div class="comment <%= comment.deleted? ? 'deleted-content' : '' %>" data-id="<%= comment.id %>" id="comment-<%= comment.id %>">
   <p class="comment--content">
-    <%= raw(sanitize(CommentsController.renderer.render(comment.content), scrubber: CommentScrubber.new)) %>
+    <%= raw(sanitize(render_markdown(comment.content), scrubber: CommentScrubber.new)) %>
     <span class="comment--meta">
       &mdash; <%= link_to comment.user.username, user_path(comment.user) %>
         <span class="text-muted" title="<%= comment.created_at.iso8601 %>"><%= time_ago_in_words(comment.created_at) %> ago</span>
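Review bot: Comments previously went through their own `CommentsController.renderer`, separate from the `QuestionsController.renderer` used for posts; after this change they share `render_markdown`, which turns on footnotes and the table, strikethrough and autolink extensions. Whether the old comment renderer was deliberately narrower, and whether `CommentScrubber` strips the extra block-level elements that can now be emitted inside `<p class="comment--content">`, is not visible in this diff. If comments are meant to stay inline-only, confirm the scrubber's allow-list against the new output or give comments their own option set in the helper.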
diff --git a/app/views/layouts/_sidebar.html.erb b/app/views/layouts/_sidebar.html.erb
index a68343b81..5653cb98b 100644
--- a/app/views/layouts/_sidebar.html.erb
+++ b/app/views/layouts/_sidebar.html.erb
@@ -6,7 +6,7 @@
     <% cache SiteSetting.find_by(name: 'SidebarNoticeText') do %>
       <div class="widget has-margin-4 is-warning">
         <div class="widget--body">
-          <%= raw(sanitize(QuestionsController.renderer.render(notice_text), scrubber: scrubber)) %>
+          <%= raw(sanitize(render_markdown(notice_text), scrubber: scrubber)) %>
         </div>
       </div>
     <% end %>
diff --git a/app/views/posts/_form.html.erb b/app/views/posts/_form.html.erb
index 713d32852..7bc27bc87 100644
--- a/app/views/posts/_form.html.erb
+++ b/app/views/posts/_form.html.erb
@@ -6,7 +6,7 @@
   <p><strong>Posting Tips</strong></p>
   <div class="has-font-size-caption">
   <% guidance = @category.asking_guidance_override || SiteSetting['AskingGuidance'] %>
-    <%= raw(sanitize(QuestionsController.renderer.render(guidance), scrubber: scrubber)) %>
+    <%= raw(sanitize(render_markdown(guidance), scrubber: scrubber)) %>
   </div>
 </div>
 
diff --git a/app/views/questions/edit.html.erb b/app/views/questions/edit.html.erb
index 1a10e1d25..471f96363 100644
--- a/app/views/questions/edit.html.erb
+++ b/app/views/questions/edit.html.erb
@@ -9,7 +9,7 @@
       <h4 class="widget--header has-margin-0">Hints and Tips</h4>
       <div class="widget--body">
       <% guidance = @question.category.asking_guidance_override || SiteSetting['AskingGuidance'] %>
-        <%= raw(sanitize(QuestionsController.renderer.render(guidance), scrubber: scrubber)) %>
+        <%= raw(sanitize(render_markdown(guidance), scrubber: scrubber)) %>
       </div>
     </div>
   <% end %>
diff --git a/app/views/questions/new.html.erb b/app/views/questions/new.html.erb
index 12576499f..a9484f626 100644
--- a/app/views/questions/new.html.erb
+++ b/app/views/questions/new.html.erb
@@ -26,7 +26,7 @@
     <div class="widget has-margin-4">
       <h4 class="widget--header has-margin-0">Hints and Tips</h4>
       <div class="widget--body">
-        <%= raw(sanitize(QuestionsController.renderer.render(SiteSetting['AskingGuidance']), scrubber: scrubber)) %>
+        <%= raw(sanitize(render_markdown(SiteSetting['AskingGuidance']), scrubber: scrubber)) %>
       </div>
     </div>
   <% end %>
diff --git a/app/views/questions/new_meta.html.erb b/app/views/questions/new_meta.html.erb
index 7a6b35ea9..4a7918e72 100644
--- a/app/views/questions/new_meta.html.erb
+++ b/app/views/questions/new_meta.html.erb
@@ -28,7 +28,7 @@
     <div class="widget has-margin-4">
       <h4 class="widget--header has-margin-0">Hints and Tips</h4>
       <div class="widget--body">
-        <%= raw(sanitize(QuestionsController.renderer.render(SiteSetting['AskingGuidance']), scrubber: scrubber)) %>
+        <%= raw(sanitize(render_markdown(SiteSetting['AskingGuidance']), scrubber: scrubber)) %>
       </div>
     </div>
   <% end %>
diff --git a/app/views/search/search.html.erb b/app/views/search/search.html.erb
index 6624c69d4..83203611a 100644
--- a/app/views/search/search.html.erb
+++ b/app/views/search/search.html.erb
@@ -16,7 +16,7 @@
 
 <% if @posts.nil? %>
     <h3>Advanced Search Options</h3>
-    <%= raw(sanitize(QuestionsController.renderer.render(SiteSetting['JITAdvancedSearchHelp']), scrubber: scrubber)) %>
+    <%= raw(sanitize(render_markdown(SiteSetting['JITAdvancedSearchHelp']), scrubber: scrubber)) %>
 
     <p class="has-color-tertiary-500"><em>Search for something to start finding posts.</em></p>
 <% else %>
-- 
GitLab