diff options
| author | Robert Speicher <rspeicher@gmail.com> | 2017-09-22 11:51:09 -0400 |
|---|---|---|
| committer | Robert Speicher <rspeicher@gmail.com> | 2017-09-22 12:00:02 -0400 |
| commit | c3bda6c3894528fb211c582c5b8da8d6ae125e52 (patch) | |
| tree | 94a9e8a02cc4f978a7b8f1d74c28c5ec88df60be /lib/banzai | |
| parent | f9df0e13e3224e90dcddded6d8ae4f1eabc3b6db (diff) | |
| download | gitlab-ce-c3bda6c3894528fb211c582c5b8da8d6ae125e52.tar.gz | |
Re-allow `name` attribute on user-provided anchor HTML
Diffstat (limited to 'lib/banzai')
| -rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb index 9923ec4e870..88b17e12576 100644 --- a/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb @@ -45,8 +45,9 @@ module Banzai whitelist[:elements].push('abbr') whitelist[:attributes]['abbr'] = %w(title) - # Disallow `name` attribute globally + # Disallow `name` attribute globally, allow on `a` whitelist[:attributes][:all].delete('name') + whitelist[:attributes]['a'].push('name') # Allow any protocol in `a` elements... whitelist[:protocols].delete('a') |