From 0e391a72a14b786bd0c38404183ee658c88df762 Mon Sep 17 00:00:00 2001
From: Sam <sam.saffron@gmail.com>
Date: Wed, 28 Jun 2017 16:08:20 -0400
Subject: [PATCH] use custom whitelister for tables

---
 .../engines/markdown-it/table.js.es6          | 22 +++++---
 spec/components/pretty_text_spec.rb           | 51 +++++++++++++++----
 2 files changed, 56 insertions(+), 17 deletions(-)

diff --git a/app/assets/javascripts/pretty-text/engines/markdown-it/table.js.es6 b/app/assets/javascripts/pretty-text/engines/markdown-it/table.js.es6
index a7072b20b2b..4bb5ef92d62 100644
--- a/app/assets/javascripts/pretty-text/engines/markdown-it/table.js.es6
+++ b/app/assets/javascripts/pretty-text/engines/markdown-it/table.js.es6
@@ -4,18 +4,28 @@ export function setup(helper) {
 
   // this is built in now
   // TODO: sanitizer needs fixing, does not properly support this yet
+
+  // we need a custom callback for style handling
+  helper.whiteList({
+    custom: function(tag,attr,val) {
+      if (tag !== 'th' && tag !== 'td') {
+        return false;
+      }
+
+      if (attr !== 'style') {
+        return false;
+      }
+
+      return (val === 'text-align:right' || val === 'text-align:left' || val === 'text-align:center');
+    }
+  });
+
   helper.whiteList([
       'table',
-      'th[style=text-align:right]',
-      'th[style=text-align:left]',
-      'th[style=text-align:center]',
       'tbody',
       'thead',
       'tr',
       'th',
       'td',
-      'td[style=text-align:right]',
-      'td[style=text-align:left]',
-      'td[style=text-align:center]'
   ]);
 }
diff --git a/spec/components/pretty_text_spec.rb b/spec/components/pretty_text_spec.rb
index 94ac2971ee4..dde8589da27 100644
--- a/spec/components/pretty_text_spec.rb
+++ b/spec/components/pretty_text_spec.rb
@@ -679,20 +679,49 @@ HTML
       expect(quote.cooked).not_to include('[quote')
     end
 
+    it "supports tables" do
+      markdown = <<~MD
+        | Tables        | Are           | Cool  |
+        | ------------- |:-------------:| -----:|
+        | col 3 is      | right-aligned | $1600 |
+      MD
+
+      expected = <<~HTML
+        <table>
+        <thead>
+        <tr>
+        <th>Tables</th>
+        <th style="text-align:center">Are</th>
+        <th style="text-align:right">Cool</th>
+        </tr>
+        </thead>
+        <tbody>
+        <tr>
+        <td>col 3 is</td>
+        <td style="text-align:center">right-aligned</td>
+        <td style="text-align:right">$1600</td>
+        </tr>
+        </tbody>
+        </table>
+      HTML
+
+      expect(PrettyText.cook(markdown)).to eq(expected.strip)
+    end
+
     it "do off topic quoting with emoji unescape" do
 
       topic = Fabricate(:topic, title: "this is a test topic :slight_smile:")
-      expected = <<HTML
-<aside class="quote" data-topic="#{topic.id}" data-post="2">
-<div class="title">
-  <div class="quote-controls"></div>
-  <a href="http://test.localhost/t/this-is-a-test-topic-slight-smile/#{topic.id}/2">This is a test topic <img src="/images/emoji/twitter/slight_smile.png?v=5" title="slight_smile" alt="slight_smile" class="emoji"></a>
-</div>
-<blockquote>
-  <p>ddd</p>
-</blockquote>
-</aside>
-HTML
+      expected = <<~HTML
+        <aside class="quote" data-topic="#{topic.id}" data-post="2">
+        <div class="title">
+          <div class="quote-controls"></div>
+          <a href="http://test.localhost/t/this-is-a-test-topic-slight-smile/#{topic.id}/2">This is a test topic <img src="/images/emoji/twitter/slight_smile.png?v=5" title="slight_smile" alt="slight_smile" class="emoji"></a>
+        </div>
+        <blockquote>
+          <p>ddd</p>
+        </blockquote>
+        </aside>
+      HTML
 
       expect(cook("[quote=\"EvilTrout, post:2, topic:#{topic.id}\"]\nddd\n[/quote]", topic_id: 1)).to eq(n(expected))
     end