Personal snippet uploads have neither a group nor a project. If a GitLab
instance were configured with a relative URL root (e.g. `/gitlab`), then
the Markdown filter would not include this root in the generated path.
We fix this by adding this root if there is no group or project.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/56280

Such as those with IDN homographs or embedded
right-to-left (RTLO) characters.

Autolinked hrefs should be escaped

and additional spec

All the ids and classes were stripped.  Add them back in
and make ids unique

Also update banzai tests to use reference_link_text

It's possible that URI fails to parse a link, but browsers
still recognize given URL as a link, we should make sure
that 'rel' attribute is set also in this case.

CE backport of https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/8632

[master] XSS in markdown following unrecognized HTML element

Closes #2732

See merge request gitlab/gitlabhq!2599

Signed-off-by: NTakuya Noguchi <takninnovationresearch@gmail.com>

Changes `Banzai::CrossProjectReference#parent_from_ref` to return the
project in the context if the project's `full_path` matches the ref
we're looking for, as it makes no sense to go to the database to find a
Project we already have loaded.

Preloading of project_features mitigates N+1 queries when checking
references in other projects.

When loading projects for resources referenced in comments it
makes sense to include also associated project_features because
in the following step (`can_read_reference?(user, projects[node],
node)`) project features is used for checking permissions for the given
project.

https://gitlab.com/gitlab-org/gitlab-ce/issues/52009

Even if it doesn’t save lines of code, since people will tend to use
code they’ve seen. And `SafeRequestStore` is safer since you
don’t have to remember to check `RequestStore.active?`.

- utilize the 'out' method to output the 'fence_info',
  which converts to utf8
- output 'sourcepos' again

This can be done trough the API for the current user, or on the
profile page.

The sanitize transformers were being duplicated each time the Markdown
renderer was called, leading to expontential growth in rendering times.

The problem was that although HTML::Pipeline::SanitizationFilter.WHITELIST
is a frozen hash, the `:transformers` array can be modified. We need
to do deep copy of this to avoid adding duplicates.

Closes #49409

This also fixes a bug with the ImageLazyLoadFilter not doing the right
thing when an existing class attribute is present.

Part of #47424

Add back the Project#to_reference_with_postfix function since it can be used in the ProjectReferenceFilter#link_to_project function

Remove the Project#to_reference_with_postfix method since it is only used in the project_reference_filter_spec