author | Robert Speicher <rspeicher@gmail.com> | 2016-02-03 17:19:54 -0500 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2016-02-03 17:24:08 -0500 |
commit | 47982e50c4038ed6e56b1dd28b4d4888b33460eb (patch) | |
tree | 66be246da5326da866e4c45cac488c97a173d0b6 /lib/banzai/pipeline | |
parent | 1731f45e2b27058178619b09df1473a041e024dd (diff) | |
download | gitlab-ce-47982e50c4038ed6e56b1dd28b4d4888b33460eb.tar.gz |
Make Pipelines responsible for defining their custom whitelist (rs-whitelist-in-pipeline)
This allows for future pipelines to more easily define a custom
whitelist.
Diffstat (limited to 'lib/banzai/pipeline')
-rw-r--r-- | lib/banzai/pipeline/description_pipeline.rb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/lib/banzai/pipeline/description_pipeline.rb b/lib/banzai/pipeline/description_pipeline.rb index 20e24ace352..f2395867658 100644 --- a/lib/banzai/pipeline/description_pipeline.rb +++ b/lib/banzai/pipeline/description_pipeline.rb @@ -4,9 +4,20 @@ module Banzai def self.transform_context(context) super(context).merge( # SanitizationFilter - inline_sanitization: true + whitelist: whitelist ) end + + private + + def self.whitelist + # Descriptions are more heavily sanitized, allowing only a few elements. + # See http://git.io/vkuAN + whitelist = Banzai::Filter::SanitizationFilter::LIMITED + whitelist[:elements] -= %w(pre code img ol ul li) + + whitelist + end end end end |
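Review bot: in the new `self.whitelist`, `whitelist = Banzai::Filter::SanitizationFilter::LIMITED` binds the local to the constant's own hash, so `whitelist[:elements] -= %w(pre code img ol ul li)` writes the reduced element list back into `LIMITED` itself (or raises if that hash is frozen). Any other consumer of `LIMITED` in the same process would then get the description allow-list instead of the one it expects, and the result depends on whether this method has been called yet. Copy before modifying, for example `whitelist = Banzai::Filter::SanitizationFilter::LIMITED.dup`, so the subtraction only touches the pipeline's own hash. Separately, the bare `private` above `def self.whitelist` does not apply to methods defined on `self`, so the method stays public; use `private_class_method :whitelist` if it is meant to be private.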