diff options
author | Douwe Maan <douwe@gitlab.com> | 2017-09-25 07:49:43 +0000 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2017-09-25 07:49:43 +0000 |
commit | a183b529dc2a1b9345ec594578d1d54b777f9365 (patch) | |
tree | 8f8784d141384d0852c8255dfac1ad3cec3bb895 /lib | |
parent | 26f05621248c6155af196794239d80117f915a0c (diff) | |
parent | f6bc4403d2f83e5571a06af3ad0989422bf23c12 (diff) | |
download | gitlab-ce-a183b529dc2a1b9345ec594578d1d54b777f9365.tar.gz |
Merge branch 'rs-allow-name-on-anchors' into 'master'
Re-allow `name` attribute on user-provided anchor HTML
Closes #38196
See merge request gitlab-org/gitlab-ce!14452
Diffstat (limited to 'lib')
-rw-r--r-- | lib/banzai/filter/sanitization_filter.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb index 9923ec4e870..88b17e12576 100644 --- a/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb @@ -45,8 +45,9 @@ module Banzai whitelist[:elements].push('abbr') whitelist[:attributes]['abbr'] = %w(title) - # Disallow `name` attribute globally + # Disallow `name` attribute globally, allow on `a` whitelist[:attributes][:all].delete('name') + whitelist[:attributes]['a'].push('name') # Allow any protocol in `a` elements... whitelist[:protocols].delete('a') |