diff options
| author | Robert Speicher <robert@gitlab.com> | 2016-05-07 19:08:46 +0000 |
|---|---|---|
| committer | Robert Speicher <robert@gitlab.com> | 2016-05-07 19:08:46 +0000 |
| commit | 4a844b73ff2daf6b08dc36a8c7117df753b8bdd7 (patch) | |
| tree | 29a415bf256895bd84d4a9bb26dc3702c5aea9f5 /CHANGELOG | |
| parent | f3578baa83ca8d576f4fe1bef50ebae61615768e (diff) | |
| parent | 21d89d0286e385d6d0a4debdbf7c801939c3e279 (diff) | |
| download | gitlab-ce-4a844b73ff2daf6b08dc36a8c7117df753b8bdd7.tar.gz | |
Merge branch 'fix-sanitize-svg' into 'master'
Update SVG sanitizer to conform to SVG 1.1
Original SVG sanitizer would strip out necessary elements and attributes.
Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate to handle case-sensitive SVG attributes since they parse documents as HTML instead of XML, which causes all SVG attribute names (e.g. `viewBox`) to be downcased.
* SVG element list: https://www.w3.org/TR/SVG/eltindex.html
* SVG attribute list: https://www.w3.org/TR/SVG/attindex.html
Closes #14555
See merge request !3401
Diffstat (limited to 'CHANGELOG')
| -rw-r--r-- | CHANGELOG | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG index e9b3e7b097d..fed3caef7e8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -16,6 +16,7 @@ v 8.8.0 (unreleased) - Use ActionDispatch Remote IP for Akismet checking - Fix error when visiting commit builds page before build was updated - Add 'l' shortcut to open Label dropdown on issuables and 'i' to create new issue on a project + - Update SVG sanitizer to conform to SVG 1.1 - Updated search UI - Display informative message when new milestone is created - Allow "NEWS" and "CHANGES" as alternative names for CHANGELOG. !3768 (Connor Shea) |