diff options
| author | Douwe Maan <douwe@gitlab.com> | 2016-06-14 10:26:50 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2016-06-14 10:26:50 +0000 |
| commit | 066020fcd015ca92397b794342a49a46dd02582c (patch) | |
| tree | 8dba90e39740a892a9dd6e5a21584dbf243454ed /db/migrate | |
| parent | 0c0ef7dfb6afb1695b62037fc0fa5aba6ce697d7 (diff) | |
| parent | 03d2bf141cde7bb12f88f25bcb08a612e65044c4 (diff) | |
| download | gitlab-ce-066020fcd015ca92397b794342a49a46dd02582c.tar.gz | |
Merge branch 'fix-markdown-spec' into 'master'
Add whitelisted elements correctly in sanitization
Add whitelisted elements correctly in sanitization
Consider this command:
bundle exec rails r "include GitlabMarkdownHelper
puts markdown('<span>this is a span</span>', pipeline: :description)
puts markdown('<span>this is a span</span>')"
And the same in the opposite order:
bundle exec rails r "include GitlabMarkdownHelper
puts markdown('<span>this is a span</span>')
puts markdown('<span>this is a span</span>', pipeline: :description)"
Before this change, they would both output:
<p><span>this is a span</span></p>
<p>this is a span</p>
That's because `span` is added to the list of whitelisted elements in
the `SanitizationFilter`, but this method tries not to make the same
changes multiple times. Unfortunately,
`HTML::Pipeline::SanitizationFilter::LIMITED`, which is used by the
`DescriptionPipeline`, uses the same Ruby objects for all of its hash
values _except_ `:elements`.
That means that whichever of `DescriptionPipeline` and `GfmPipeline` is
called first would have `span` in its whitelisted elements, and the
second wouldn't.
Fix this by adding a special check for modifying `:elements` twice, then
checking `:transformers` as before.
See merge request !4588
Diffstat (limited to 'db/migrate')
0 files changed, 0 insertions, 0 deletions