summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorRobert Speicher <robert@gitlab.com>2017-02-08 20:33:29 +0000
committerRobert Speicher <rspeicher@gmail.com>2017-02-15 10:41:40 -0500
commit33c8d413d2b42bd7b823228a2739eddcd4dfbe51 (patch)
treefb10bca9ae43135427ee08896733d4d255c03981 /lib
parent4ca6a719a9f961efa8e9b2a9401319cbfc6403df (diff)
downloadgitlab-ce-33c8d413d2b42bd7b823228a2739eddcd4dfbe51.tar.gz
Merge branch 'asciidoctor-xss-patch' into 'security'
Add sanitization filter to asciidocs output to prevent XSS See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2057
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/asciidoc.rb3
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb
index 0618107e2c3..d575367d81a 100644
--- a/lib/gitlab/asciidoc.rb
+++ b/lib/gitlab/asciidoc.rb
@@ -36,6 +36,9 @@ module Gitlab
html = Banzai.post_process(html, context)
+ filter = Banzai::Filter::SanitizationFilter.new(html)
+ html = filter.call.to_s
+
html.html_safe
end
View Lorry Controller Status