Don't allow style attributes in inline HTML

author: Vinnie Okada <vokada@mrvinn.com> 2015-03-21 08:39:54 -0600
committer: Vinnie Okada <vokada@mrvinn.com> 2015-03-21 08:39:54 -0600
commit: cc29ce491786d631586c3b0d0da310b8b790a673 (patch)
tree: c7de114ccfc50b43d52c409300ec6bb20ebcffd9 /lib
parent: 52bf95ae380dc06243d0c4e5c8eb80f8be15a4f3 (diff)
download: gitlab-ce-cc29ce491786d631586c3b0d0da310b8b790a673.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/gitlab/markdown.rb b/lib/gitlab/markdown.rb
index cd70fd5e85b..65dce9291e6 100644
--- a/lib/gitlab/markdown.rb
+++ b/lib/gitlab/markdown.rb
@@ -88,7 +88,7 @@ module Gitlab
       ]
 
       whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
-      whitelist[:attributes][:all].push('class', 'id', 'style')
+      whitelist[:attributes][:all].push('class', 'id')
 
       # Remove the rel attribute that the sanitize gem adds, and remove the
       # href attribute if it contains inline javascript
author	Vinnie Okada <vokada@mrvinn.com>	2015-03-21 08:39:54 -0600
committer	Vinnie Okada <vokada@mrvinn.com>	2015-03-21 08:39:54 -0600
commit	cc29ce491786d631586c3b0d0da310b8b790a673 (patch)
tree	c7de114ccfc50b43d52c409300ec6bb20ebcffd9 /lib
parent	52bf95ae380dc06243d0c4e5c8eb80f8be15a4f3 (diff)
download	gitlab-ce-cc29ce491786d631586c3b0d0da310b8b790a673.tar.gz