packagekit: apply our link attributes to markdown

For CVE and bug links we set target="_blank", noopener and noreferrer. The shown description is parsed from markdown and no custom attributes are applied, our remarkable module does not have a standard way to set these. Closes cockpit-project#17788
jelly · Oct 11, 2022 · eac491c · eac491c
1 parent 437a4cb
commit eac491c
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 1 deletion.
diff --git a/pkg/packagekit/updates.jsx b/pkg/packagekit/updates.jsx
@@ -240,8 +240,29 @@ function getSeverityURL(urls) {
     return highestURL;
 }
 
-function updateItem(info, pkgNames, key) {
+// Overrides the link_open function to apply our required HTML attributes
+function customRemarkable() {
     const remarkable = new Remarkable();
+
+    const orig_link_open = remarkable.renderer.rules.link_open;
+    remarkable.renderer.rules.link_open = function() {
+        let result = orig_link_open.apply(null, arguments);
+
+        const parser = new DOMParser();
+        const htmlDocument = parser.parseFromString(result, "text/html");
+        const links = htmlDocument.getElementsByTagName("a");
+        if (links.length === 1) {
+            const href = links[0].getAttribute("href");
+            result = `<a rel="noopener noreferrer" target="_blank" href="${href}">`;
+        }
+        return result;
+    };
+    return remarkable;
+}
+
+function updateItem(info, pkgNames, key) {
+    const remarkable = customRemarkable();
+
     let bugs = null;
     if (info.bug_urls && info.bug_urls.length) {
         // we assume a bug URL ends with a number; if not, show the complete URL

diff --git a/test/verify/check-packagekit b/test/verify/check-packagekit
@@ -766,9 +766,11 @@ ExecStart=/usr/local/bin/{packageName}
         # verify Markdown formatting in table cell
         self.assertEqual(b.text(sel + " td.changelog em"), "more")  # *more*
         self.assertEqual(b.attr(sel + " td.changelog a", "href"), "http://unicorn.example.com")
+        self.assertEqual(b.attr(sel + " td.changelog a", "target"), "_blank")
         # verify Markdown formatting in details
         self.assertEqual(b.text(sel + " .pf-m-expanded em"), "more")  # *more*
         self.assertEqual(b.attr(sel + " .pf-m-expanded a:first-of-type", "href"), "http://unicorn.example.com")
+        self.assertEqual(b.attr(sel + " .pf-m-expanded a:first-of-type", "target"), "_blank")
 
         # verify that changelog is absent in mobile
         b.set_layout("mobile")