Commit 6a5a2c4c authored by Rene Saarsoo's avatar Rene Saarsoo
Browse files

Allow posting links in comments. 

There was an opts parameter which attempted enabling sencha.com/* URL-s,
but this option wasn't used anywhere the function was called from -
besides the option didn't work because some code before it attempted
turning all URL-s into links, but mistakenly also picked up URL-s
within href="...".

Anyway, I see no reason to only allow links to sencha.com, so allowing
all links, whatever they may be.

The code for convering URL-s to links is not needed at all because the
'marked' module does this already.
parent bdc840cb

opt/comments-server-side/util.js

+8 −20
Original line number Diff line number Diff line
@@ -4,33 +4,21 @@ var marked = require('marked'), 
    sanitizer = require('sanitizer'),

    nodemailer = require("nodemailer");



exports.sanitize = function(content, opts) {



    var markdowned, sanitized_output, urlFunc;



exports.sanitize = function(content) {

    var markdowned;

    try {

        markdowned = marked(content);

    } catch(e) {

        markdowned = content;

    }



    var exp = /(\bhttps?:\/\/[-A-Z0-9+&@#\/%?=~_|!:,.;]*[-A-Z0-9+&@#\/%=~_|])/igm;

    markdowned = markdowned.replace(exp, "<a href='$1'>$1</a>");



    if (opts && opts.stripUrls) {

        urlFunc = function(str) {

            if (str.match(/^(http:\/\/(www\.)?sencha.com|#))/)) {

    // Strip dangerous markup, but allow links to all URL-s

    var sanitized_output = sanitizer.sanitize(markdowned, function(str) {

        return str;

            } else {

                return '';

            }

        };

    }



    sanitized_output = sanitizer.sanitize(markdowned, urlFunc);

    sanitized_output = sanitized_output.replace(/&apos;/g, '&#39;');

    });



    return sanitized_output;

    // IE does not support &apos;

    return sanitized_output.replace(/&apos;/g, '&#39;');

};



exports.formatComments = function(comments, req) {