Render markdown for Vulnerability Description
Related to #346014 (closed)
What does this MR do and why?
It allows the vulnerability description to be rendered as markdown content, but only when present.
The Vulnerability `description` field is a cache markdown field in the backend, so rendering the `description_html` field on the frontend should be enough for this change. However, it was noted that when vulnerability data is uploaded by runners, they may not be using the correct way (`Rails.model`) to update the data, and hence the `description_html` field is not updated automagically, resulting in its value being null.
We'll fix that issue in a follow-up - #347403 (closed)
So in short,
- It should render the markdown when `description_html` is present
- It shouldn't render the markdown when `description_html` is not present, and fall back to the `description` field, which is plain text and the current behavior.
- Also: it only affects the Vulnerability Details page.
Screenshots or screen recordings
- when `description_html` is present (before / after screenshots)
- when `description_html` is not present (before / after screenshots)
How to set up and validate locally
- Access the local DB

  ```
  gdk psql -d gitlabhq_development
  ```
- Update the vulnerability content with markdown html (This shouldn't be required in production, as `description` is a cache markdown field)

  ```
  UPDATE vulnerabilities SET description_html = '<p dir="auto" data-sourcepos="1:1-1:61">Cypher with no <code>integrity</code>. <a rel="nofollow noreferrer noopener" href="https://google.com">Learn more</a>.</p>' where id = 49;
  ```
- Access the vulnerability details page: http://127.0.0.1:3000/flightjs/Flight/-/security/vulnerabilities/49
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
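
The render decision described in the "So in short" list, as an added example that is not part of the original MR or GitLab's code. It assumes `description_html`, when set, was generated and sanitized by the backend markdown pipeline, and that `description` is untrusted scanner-supplied text that must be escaped on the fallback path; `renderDescription`, `isPresent` and the sample records are hypothetical names.

```javascript
// Added illustration, not GitLab's component code.
// Assumption: description_html, when set, was generated and sanitized by the
// backend markdown pipeline; description is untrusted scanner-supplied text.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// null, undefined and blank strings all count as "not present".
function isPresent(value) {
  return typeof value === 'string' && value.trim() !== '';
}

// Decide how the details page shows the description.
function renderDescription(vulnerability) {
  const { description, description_html: descriptionHtml } = vulnerability;
  if (isPresent(descriptionHtml)) {
    // Cached markdown HTML from the backend: inserted as HTML.
    return { mode: 'markdown', html: descriptionHtml };
  }
  if (isPresent(description)) {
    // Stale or missing cache: show the raw text literally, never as markup.
    return { mode: 'plain-text', html: escapeHtml(description) };
  }
  return { mode: 'empty', html: '' };
}

// Constructed sample records.
const SAMPLES = {
  cached: {
    description: 'Cypher with no `integrity`.',
    description_html: '<p dir="auto">Cypher with no <code>integrity</code>.</p>',
  },
  staleCache: {
    description: 'Cypher with no <code>integrity</code> & "quotes".',
    description_html: null,
  },
  blankCache: { description: 'plain', description_html: '   ' },
  noDescription: { description: null, description_html: undefined },
};

for (const [name, record] of Object.entries(SAMPLES)) {
  console.log(name, renderDescription(record));
}
```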