diff options
author | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:02:01 +0000 |
---|---|---|
committer | Cindy Pallares <cindy@gitlab.com> | 2018-11-28 19:09:35 -0500 |
commit | b5b475c273aca6aee13f628507cef9f077281a02 (patch) | |
tree | 4b7350033cba6765fc7638ac2864cdef7610cdbc /lib/banzai/filter/spaced_link_filter.rb | |
parent | c4bb0a116efb8d95dcf7edd92424795ea919660f (diff) | |
download | gitlab-ce-b5b475c273aca6aee13f628507cef9f077281a02.tar.gz |
Merge branch 'security-xss-in-markdown-following-unrecognized-html-element' into 'master'
[master] XSS in markdown following unrecognized HTML element
Closes #2732
See merge request gitlab/gitlabhq!2599
Diffstat (limited to 'lib/banzai/filter/spaced_link_filter.rb')
-rw-r--r-- | lib/banzai/filter/spaced_link_filter.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/banzai/filter/spaced_link_filter.rb b/lib/banzai/filter/spaced_link_filter.rb index a27f1d46863..c6a3a763c23 100644 --- a/lib/banzai/filter/spaced_link_filter.rb +++ b/lib/banzai/filter/spaced_link_filter.rb @@ -17,6 +17,9 @@ module Banzai # This is a small extension to the CommonMark spec. If they start allowing # spaces in urls, we could then remove this filter. # + # Note: Filter::SanitizationFilter should always be run sometime after this filter + # to prevent XSS attacks + # class SpacedLinkFilter < HTML::Pipeline::Filter include ActionView::Helpers::TagHelper |