fixed formating by moving from raw(markdown) to sanitize(markdown)

mdeiters · mdeiters · commit 11f536860cdc · 2016-02-18T22:52:09.000-08:00
diff --git a/README.rdoc b/README.rdoc
@@ -1,12 +1,7 @@
-## Features remaining prior release
-
-* TODO: Get protip uploads to work
-* TODO: Fix commenting formatting issue (see: http://localhost:5000/p/lhsrcq/one-line-browser-notepad)
-* TODO: Write announcement protip and link it on homepage
-
 ## Post release backlog
 
 * TODO: Dragging files into protip editor https://github.com/feross/drag-drop
+* TODO: Write announcement protip and link it on homepage
 * TODO: Basic Caching
 * TODO: Deleting user
 * TODO: Team view
diff --git a/app/views/comments/_comment.html.haml b/app/views/comments/_comment.html.haml
@@ -9,7 +9,7 @@
       .author[:author]
         %a.bold.black.no-hover[:alternateName]{href: profile_path(username: comment.user.username)}
           =comment.user.username
-      .content.small[:text]=raw CFM::Markdown.render(comment.body)
+      .content.small[:text]=sanitize CFM::Markdown.render(comment.body)
       .diminish.mt1
         ==#{time_ago_in_words(comment.created_at)} ago
         -if signed_in? && current_user.can_edit?(comment)
diff --git a/app/views/protips/index.html.haml b/app/views/protips/index.html.haml
@@ -21,7 +21,7 @@
           =icon 'bolt', class: 'mr1'
           Introducing Coderwall 3.0
         %p.mt2 We hope this shiny brand new version of Coderwall makes you smile. We're on a mission to make the software world smaller - watch for alot more to come.
-        %a Read the full announcement
+        -# %a Read the full announcement
 
         %h4.mt4
           =icon 'calendar', class: 'mr1'
diff --git a/app/views/protips/show.html.haml b/app/views/protips/show.html.haml
@@ -49,7 +49,7 @@
           -@protip.tags.each do |tag|
             %h6.inline=tag
         .content.p2.mt3[:articleBody]
-          = raw CFM::Markdown.render(@protip.body)
+          = sanitize CFM::Markdown.render(@protip.body)
 
         .author.p2[:author]
           %h5.mt0[@protip.user]
diff --git a/app/views/users/show.html.haml b/app/views/users/show.html.haml
@@ -62,7 +62,7 @@
         .clearfix.p0.mt2
           %p
             .content[:description]
-              =raw CFM::Markdown.render(@user.about)
+              = sanitize CFM::Markdown.render(@user.about)
           .mt1
             -@user.skills.each do |tag|
               .inline[:memberOf]=tag
diff --git a/lib/cfm.rb b/lib/cfm.rb
@@ -8,9 +8,11 @@ def render(text)
         return nil if text.nil?
 
         extensions = {
-          fenced_code_blocks: true,
-          strikethrough: true,
-          autolink: true
+          fenced_code_blocks:   true,
+          strikethrough:        true,
+          autolink:             true,
+          no_styles:            true,
+          safe_links_only:      true
         }
 
         renderer  = Redcarpet::Render::HTML.new(link_attributes: {rel: "nofollow"})
