author Robert Speicher <rspeicher@gmail.com> 2016-02-03 17:19:54 -0500
committer Robert Speicher <rspeicher@gmail.com> 2016-02-03 17:24:08 -0500
commit 47982e50c4038ed6e56b1dd28b4d4888b33460eb (patch)
tree 66be246da5326da866e4c45cac488c97a173d0b6 /lib/banzai/pipeline
parent 1731f45e2b27058178619b09df1473a041e024dd (diff)
download gitlab-ce-47982e50c4038ed6e56b1dd28b4d4888b33460eb.tar.gz
Make Pipelines responsible for defining their custom whitelist [rs-whitelist-in-pipeline]
This allows for future pipelines to more easily define a custom whitelist.
Diffstat (limited to 'lib/banzai/pipeline')
-rw-r--r-- lib/banzai/pipeline/description_pipeline.rb 13
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/banzai/pipeline/description_pipeline.rb b/lib/banzai/pipeline/description_pipeline.rb
index 20e24ace352..f2395867658 100644
--- a/lib/banzai/pipeline/description_pipeline.rb
+++ b/lib/banzai/pipeline/description_pipeline.rb
@@ -4,9 +4,20 @@ module Banzai
def self.transform_context(context)
super(context).merge(
# SanitizationFilter
- inline_sanitization: true
+ whitelist: whitelist
)
end
+
+ private
+
+ def self.whitelist
+ # Descriptions are more heavily sanitized, allowing only a few elements.
+ # See http://git.io/vkuAN
+ whitelist = Banzai::Filter::SanitizationFilter::LIMITED
+ whitelist[:elements] -= %w(pre code img ol ul li)
+
+ whitelist
+ end
end
end
end
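Review bot: In `self.whitelist`, the assignment `whitelist = Banzai::Filter::SanitizationFilter::LIMITED` binds the local to the same Hash object as the constant, so `whitelist[:elements] -= %w(pre code img ol ul li)` writes the reduced element list back into `LIMITED` itself (or raises if that hash is frozen). Any other caller that reads `LIMITED` afterwards would see the narrower list as well. Copy before modifying, for example `whitelist = Banzai::Filter::SanitizationFilter::LIMITED.dup` ahead of the `-=` line, or build the result with `merge(elements: ...)` so the constant is never written to. Separately, the bare `private` above `def self.whitelist` has no effect on singleton methods; use `private_class_method :whitelist` if the method is meant to be private. A spec asserting that `LIMITED[:elements]` is unchanged after `transform_context` runs would guard against this regressing.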