diff options
author | Ahmad Sherif <me@ahmadsherif.com> | 2016-09-21 15:55:04 +0200 |
---|---|---|
committer | Ahmad Sherif <me@ahmadsherif.com> | 2016-09-21 19:16:26 +0200 |
commit | 40262b7a269d2462dc4b58d573a1dd1a80f80d49 (patch) | |
tree | ad9bc5dd090b821abbec80374e5655398e121fae | |
parent | 9b0f552cb0e40299e015727d9b1224ef0d7cf9cc (diff) | |
download | gitlab-ce-fix/memory-leak-sanitization-filter.tar.gz |
Fix the leak mentioned in 504a3b5 by another wayfix/memory-leak-sanitization-filter
The previous fix introduced another leak; as it made
Banzai::Filter::SanitizationFiler#customized? always return false, so we
were always appending two elements to
HTML::Pipeline::SanitizationFilter::WHITELIST[:elements]. This growth in
the elements array would slow the sanitization process over time.
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 60 |
2 files changed, 32 insertions, 29 deletions
diff --git a/CHANGELOG b/CHANGELOG index f02488d2648..78f4879feba 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -179,6 +179,7 @@ v 8.12.0 (unreleased) - Add UX improvements for merge request version diffs - Fix Import/Export issues importing protected branches and some specific models - Fix non-master branch readme display in tree view + - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST - Add UX improvements for merge request version diffs v 8.11.7 diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb index ca80aac5a08..2470362e019 100644 --- a/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb @@ -43,55 +43,57 @@ module Banzai whitelist[:protocols].delete('a') # ...but then remove links with unsafe protocols - whitelist[:transformers].push(remove_unsafe_links) + whitelist[:transformers].push(self.class.remove_unsafe_links) # Remove `rel` attribute from `a` elements - whitelist[:transformers].push(remove_rel) + whitelist[:transformers].push(self.class.remove_rel) # Remove `class` attribute from non-highlight spans - whitelist[:transformers].push(clean_spans) + whitelist[:transformers].push(self.class.clean_spans) whitelist end - def remove_unsafe_links - lambda do |env| - node = env[:node] + class << self + def remove_unsafe_links + lambda do |env| + node = env[:node] - return unless node.name == 'a' - return unless node.has_attribute?('href') + return unless node.name == 'a' + return unless node.has_attribute?('href') - begin - uri = Addressable::URI.parse(node['href']) - uri.scheme = uri.scheme.strip.downcase if uri.scheme + begin + uri = Addressable::URI.parse(node['href']) + uri.scheme = uri.scheme.strip.downcase if uri.scheme - node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme) - rescue Addressable::URI::InvalidURIError - node.remove_attribute('href') + node.remove_attribute('href') if UNSAFE_PROTOCOLS.include?(uri.scheme) + rescue Addressable::URI::InvalidURIError + node.remove_attribute('href') + end end end - end - def remove_rel - lambda do |env| - if env[:node_name] == 'a' - env[:node].remove_attribute('rel') + def remove_rel + lambda do |env| + if env[:node_name] == 'a' + env[:node].remove_attribute('rel') + end end end - end - def clean_spans - lambda do |env| - node = env[:node] + def clean_spans + lambda do |env| + node = env[:node] - return unless node.name == 'span' - return unless node.has_attribute?('class') + return unless node.name == 'span' + return unless node.has_attribute?('class') - unless has_ancestor?(node, 'pre') - node.remove_attribute('class') - end + unless node.ancestors.any? { |n| n.name.casecmp('pre').zero? } + node.remove_attribute('class') + end - { node_whitelist: [node] } + { node_whitelist: [node] } + end end end end |