diff options
| author | mhasbini <mohammad.hasbini@gmail.com> | 2017-03-07 12:08:59 +0200 |
|---|---|---|
| committer | mhasbini <mohammad.hasbini@gmail.com> | 2017-03-07 12:08:59 +0200 |
| commit | 9bcd05401d7de5620a241b3bf431f589f74ee6a5 (patch) | |
| tree | 64cfd53b7ecd6d7862c9a0475eb5681f0eafd731 | |
| parent | b696cbc5a095bcd9dff445b7579651a615977e3d (diff) | |
| download | gitlab-ce-9bcd05401d7de5620a241b3bf431f589f74ee6a5.tar.gz | |
whitelist style attribute in event_note
| -rw-r--r-- | app/helpers/events_helper.rb | 7 | ||||
| -rw-r--r-- | changelogs/unreleased/26790-label-color-todos.yml | 4 | ||||
| -rw-r--r-- | spec/helpers/events_helper_spec.rb | 7 |
3 files changed, 17 insertions, 1 deletions
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb index 362046c0270..5605393c0c3 100644 --- a/app/helpers/events_helper.rb +++ b/app/helpers/events_helper.rb @@ -162,7 +162,12 @@ module EventsHelper def event_note(text, options = {}) text = first_line_in_markdown(text, 150, options) - sanitize(text, tags: %w(a img b pre code p span)) + + sanitize( + text, + tags: %w(a img b pre code p span), + attributes: Rails::Html::WhiteListSanitizer.allowed_attributes + ['style'] + ) end def event_commit_title(message) diff --git a/changelogs/unreleased/26790-label-color-todos.yml b/changelogs/unreleased/26790-label-color-todos.yml new file mode 100644 index 00000000000..74084473d81 --- /dev/null +++ b/changelogs/unreleased/26790-label-color-todos.yml @@ -0,0 +1,4 @@ +--- +title: fix background color for labels mention in todo +merge_request: 9155 +author: mhasbini diff --git a/spec/helpers/events_helper_spec.rb b/spec/helpers/events_helper_spec.rb index 594b40303bc..81ba693f2f3 100644 --- a/spec/helpers/events_helper_spec.rb +++ b/spec/helpers/events_helper_spec.rb @@ -61,6 +61,13 @@ describe EventsHelper do '</code></pre>' expect(helper.event_note(input)).to eq(expected) end + + it 'preserves style attribute within a tag' do + input = '<span class="" style="background-color: #44ad8e; color: #FFFFFF;"></span>' + expected = '<p><span style="background-color: #44ad8e; color: #FFFFFF;"></span></p>' + + expect(helper.event_note(input)).to eq(expected) + end end describe '#event_commit_title' do |