Merge pull request #1773 from codidact/0valt/1731/thread-title-validation

Thread title validation

Author: Oaphi

app/assets/javascripts/character_count.js

@@ -62,8 +62,18 @@ $(() => {
     const $button = $form.find('input[type="submit"],.js-suggested-edit-approve');
     const $count = $counter.find('.js-character-count__count');
     const $icon = $counter.find('.js-character-count__icon');
+    const $info = $counter.find('.js-character-count__info');
+    const omitMarkdown = $tgt.data('markdown') === 'strip';
+
+    const fullCount = $tgt.val().trim().length;
+    const count = omitMarkdown ?
+                    QPixel.MD.stripMarkdown($tgt.val().trim(), { removeLeadingQuote: true }).length :
+                    fullCount;
+
+    $info.toggleClass('hide', fullCount === count)
+         .attr('title', 'Markdown will be stripped away and does not count towards the limit');
+    $icon.toggleClass('hide', fullCount !== count);
 
-    const count = $tgt.val().length;
     const max = parseInt($counter.attr('data-max'), 10);
     const min = parseInt($counter.attr('data-min'), 10);
     const threshold = parseFloat($counter.attr('data-threshold'));

app/assets/javascripts/qpixel_markdown.js

@@ -0,0 +1,16 @@
+window.QPixel = window.QPixel || {};
+
+QPixel.MD = {
+  stripMarkdown: (content, options = {}) => {
+    const stripped = content
+      .replace(/(?:^#+ +|^-{3,}|^\[[^\]]+\]: ?.+$|^!\[[^\]]+\](?:\([^)]+\)|\[[^\]]+\])$|<[^>]+>)/g, '')
+      .replace(/[*_~]+/g, '')
+      .replace(/!?\[([^\]]+)\](?:\([^)]+\)|\[[^\]]+\])/g, '$1');
+    
+    if (options.removeLeadingQuote ?? false) {
+      return stripped.replace(/^>.+?$/g, '');
+    }
+
+    return stripped;
+  },
+};

app/controllers/comments_controller.rb

@@ -26,7 +26,7 @@ def create_thread
 
     body = params[:body]
 
-    @comment_thread = CommentThread.new(title: title, post: @post)
+    @comment_thread = CommentThread.new(title: helpers.strip_markdown(title, strip_leading_quote: true), post: @post)
     @comment = Comment.new(post: @post, content: body, user: current_user, comment_thread: @comment_thread)
 
     pings = check_for_pings(@comment_thread, body)
@@ -208,7 +208,13 @@ def thread_rename
       return
     end
 
-    @comment_thread.update title: params[:title]
+    title = helpers.strip_markdown(params[:title], strip_leading_quote: true)
+    status = @comment_thread.update(title: title)
+
+    unless status
+      flash[:danger] = I18n.t('comments.errors.rename_thread_generic')
+    end
+
     redirect_to comment_thread_path(@comment_thread.id)
   end
 

app/helpers/application_helper.rb

@@ -127,16 +127,20 @@ def render_markdown(markdown)
   # This isn't a perfect way to strip out Markdown, so it should only be used for non-critical things like
   # page descriptions - things that will later be supplemented by the full formatted content.
   # @param markdown [String] The Markdown string to strip.
+  # @param strip_leading_quote [Boolean] whether to remove the leading blockquote if present
   # @return [String] The plain-text equivalent.
-  def strip_markdown(markdown)
+  def strip_markdown(markdown, strip_leading_quote: false)
     # Remove block-level formatting: headers, hr, references, images, HTML tags
     markdown = markdown.gsub(/(?:^#+ +|^-{3,}|^\[[^\]]+\]: ?.+$|^!\[[^\]]+\](?:\([^)]+\)|\[[^\]]+\])$|<[^>]+>)/, '')
 
     # Remove inline formatting: bold, italic, strike etc.
     markdown = markdown.gsub(/[*_~]+/, '')
 
     # Remove links and inline images but replace them with their text/alt text.
-    markdown.gsub(/!?\[([^\]]+)\](?:\([^)]+\)|\[[^\]]+\])/, '\1')
+    markdown = markdown.gsub(/!?\[([^\]]+)\](?:\([^)]+\)|\[[^\]]+\])/, '\1')
+
+    # Optionally remove the leading blockquote
+    strip_leading_quote ? markdown.gsub(/^>.+?$/, '') : markdown
   end
 
   ##

app/helpers/comments_helper.rb

@@ -4,8 +4,7 @@ module CommentsHelper
   # @param body [String] coment thread body
   # @return [String] generated title
   def generate_thread_title(body)
-    body = strip_markdown(body)
-    body = body.gsub(/^>.+?$/, '') # also remove leading blockquotes
+    body = strip_markdown(body, strip_leading_quote: true)
 
     if body.length > 100
       "#{body[0..100]}..."
@@ -184,6 +183,12 @@ def comment_rate_limited?(user, post, create_audit_log: true)
 
     [true, message]
   end
+
+  # Get the maximum comment thread title length for the current community, with a maximum of 255.
+  # @return [Integer]
+  def maximum_thread_title_length
+    [SiteSetting['MaxThreadTitleLength'] || 255, 255].min
+  end
 end
 
 # HTML sanitizer for use with comments.

app/models/comment_thread.rb

@@ -11,6 +11,9 @@ class CommentThread < ApplicationRecord
   scope :publicly_available, -> { where(deleted: false).where('reply_count > 0') }
   scope :archived, -> { where(archived: true) }
 
+  validate :maximum_title_length
+  validates :title, presence: { message: I18n.t('comments.errors.title_presence') }
+
   after_create :create_follower
 
   def self.post_followed?(post, user)
@@ -21,10 +24,16 @@ def read_only?
     locked? || archived? || deleted?
   end
 
+  # Is a given user a follower of the thread?
+  # @param user [User] user to check
+  # @return [Boolean] check result
   def followed_by?(user)
     ThreadFollower.where(comment_thread: self, user: user).any?
   end
 
+  # Does a given user have access to the thread?
+  # @param user [User] user to check access for
+  # @return [Boolean] check result
   def can_access?(user)
     (!deleted? || user&.privilege?('flag_curate') || user&.post_privilege?('flag_curate', post)) &&
       post.can_access?(user)
@@ -53,6 +62,13 @@ def pingable
     ActiveRecord::Base.connection.execute(query).to_a.flatten
   end
 
+  def maximum_title_length
+    max_len = SiteSetting['MaxThreadTitleLength'] || 255
+    if title.length > [max_len, 255].min
+      errors.add(:title, "can't be more than #{max_len} characters")
+    end
+  end
+
   private
 
   # Comment author and post author are automatically followed to the thread. Question author is NOT

app/views/comments/_new_thread_modal.html.erb

@@ -1,6 +1,6 @@
 <%#
-    Start new comment thread dialog.
-%>
+   "Start new comment thread dialog.
+"%>
 
 <%
   # TODO: make configurable
@@ -43,10 +43,17 @@
                          class: 'form-element js-thread-title-field',
                          data: { post: post.id,
                                  thread: '-1',
-                                 character_count: ".js-character-count-thread-title" } %>
-      <%= render 'shared/char_count', type: 'thread-title' %>
+                                 character_count: '.js-character-count-thread-title',
+                                 markdown: 'strip' } %>
+      <%= render 'shared/char_count',
+                 type: 'thread-title',
+                 min: 1,
+                 max: maximum_thread_title_length %>
 
-      <%= submit_tag 'Create thread', class: 'button is-filled', id: "create_thread_button_#{post.id}", disabled: true %>
+      <%= submit_tag 'Create thread',
+                     class: 'button is-filled',
+                     id: "create_thread_button_#{post.id}",
+                     disabled: true %>
     <% end %>
   </div>
 </div>

app/views/comments/_rename_thread_modal.html.erb

@@ -1,9 +1,9 @@
 <%#
-  Helper for rendering comment thread rename action modal
+   "Helper for rendering comment thread rename action modal
 
   Variables:
     thread : Comment thread to create the modal for
-%>
+"%>
 
 <div class="modal is-with-backdrop is-small js--rename-thread-<%= thread.id %>">
   <%= form_tag rename_comment_thread_path(thread.id), class: 'modal--container' do %>
@@ -12,18 +12,28 @@
               class="button is-close-button modal--header-button"
               data-modal=".js--rename-thread-<%= thread.id %>">&times;
       </button>
-      Rename...
+      Rename thread
     </div>
     <div class="modal--body">
       <%= label_tag :title, 'Title', class: 'form-element' %>
       <%= text_field_tag :title,
                          thread.title,
                          class: 'form-element js-thread-title-field',
-                         data: { post: thread.post.id, thread: thread.id } %>
+                         data: { post: thread.post.id,
+                                 thread: thread.id,
+                                 character_count: ".js-character-count-thread-title-#{thread.id}",
+                                 markdown: 'strip' } %>
+      <%= render 'shared/char_count',
+                 type: "thread-title-#{thread.id}",
+                 cur: thread.title.length,
+                 min: 1,
+                 max: maximum_thread_title_length %>
     </div>
     <div class="modal--footer">
       <%= submit_tag 'Update thread', class: 'button is-muted is-filled' %>
-      <button type="button" class="button is-muted" data-modal=".js--rename-thread-<%= thread.id %>">Cancel</button>
+      <button type="button"
+              class="button is-muted"
+              data-modal=".js--rename-thread-<%= thread.id %>">Cancel</button>
     </div>
   <% end %>
 </div>

app/views/shared/_char_count.html.erb

@@ -21,8 +21,9 @@
   data-max="<%= max %>"
   data-min="<%= min %>"
   data-threshold="<%= threshold %>">
+    <i class="fas fa-info-circle hide js-character-count__info"></i>
     <i class="fas fa-ellipsis-h js-character-count__icon"></i>
     <span class="js-character-count__count">
       <%= cur %> / <%= cur < min ? min : max %>
     </span>
-</span>
+</span>

config/locales/strings/en.comments.yml

@@ -29,6 +29,10 @@ en:
         Something went wrong when trying to delete the comment.
       undelete_comment_server_error: >
         Something went wrong when trying to undelete the comment.
+      rename_thread_generic: >
+        Failed to rename the thread.
+      title_presence: >
+        can't be empty after Markdown is removed.
     labels:
       create_new_thread: >
         Start new comment thread