authorRobert Speicher <rspeicher@gmail.com>2015-05-20 20:55:11 -0400
committerRobert Speicher <rspeicher@gmail.com>2015-05-20 21:16:11 -0400
commit212fe14c65b523ba71e3a199028d577b21216c60 (patch)
tree909fc382e96ff2908c3b3ae3088df3dc2353c6c1 /lib
parent71b1a2c7287f0838cdcaeb5a896d582cddfea5d1 (diff)
downloadgitlab-ce-212fe14c65b523ba71e3a199028d577b21216c60.tar.gz
Customize the sanitization whitelist only oncers-issue-1651
Fixes #1651
Diffstat (limited to 'lib')
-rw-r--r--lib/gitlab/markdown/sanitization_filter.rb35
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/gitlab/markdown/sanitization_filter.rb b/lib/gitlab/markdown/sanitization_filter.rb
index 6f33155badf..88781fea0c8 100644
--- a/lib/gitlab/markdown/sanitization_filter.rb
+++ b/lib/gitlab/markdown/sanitization_filter.rb
@@ -8,28 +8,33 @@ module Gitlab
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
class SanitizationFilter < HTML::Pipeline::SanitizationFilter
def whitelist
- whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
+ whitelist = super
- # Allow code highlighting
- whitelist[:attributes]['pre'] = %w(class)
- whitelist[:attributes]['span'] = %w(class)
+ # Only push these customizations once
+ unless customized?(whitelist[:transformers])
+ # Allow code highlighting
+ whitelist[:attributes]['pre'] = %w(class)
+ whitelist[:attributes]['span'] = %w(class)
- # Allow table alignment
- whitelist[:attributes]['th'] = %w(style)
- whitelist[:attributes]['td'] = %w(style)
+ # Allow table alignment
+ whitelist[:attributes]['th'] = %w(style)
+ whitelist[:attributes]['td'] = %w(style)
- # Allow span elements
- whitelist[:elements].push('span')
+ # Allow span elements
+ whitelist[:elements].push('span')
- # Remove `rel` attribute from `a` elements
- whitelist[:transformers].push(remove_rel)
+ # Remove `rel` attribute from `a` elements
+ whitelist[:transformers].push(remove_rel)
- # Remove `class` attribute from non-highlight spans
- whitelist[:transformers].push(clean_spans)
+ # Remove `class` attribute from non-highlight spans
+ whitelist[:transformers].push(clean_spans)
+ end
whitelist
end
+ private
+
def remove_rel
lambda do |env|
if env[:node_name] == 'a'
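Review bot: The hash returned by `whitelist = super` is still mutated in place, so the `class`/`style` attributes, the `span` element and both transformers land on whatever object the parent class hands back. The removed line suggests that object is the library-wide `HTML::Pipeline::SanitizationFilter::WHITELIST`, in which case every other filter in the process that reads it gets the looser rules too. Building the customized list once from a deep copy and memoizing the frozen result would keep the change local, and would also remove the check-then-push race between concurrent renders. Separately, allowing `style` on `th`/`td` admits arbitrary CSS unless something narrows it to alignment; neither `remove_rel` nor `clean_spans` appears to do that by name, so either a transformer that keeps only `text-align` or a comment pointing to where it is restricted would help.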
@@ -48,6 +53,10 @@ module Gitlab
end
end
end
+
+ def customized?(transformers)
+ transformers.last.source_location[0] == __FILE__
+ end
end
end
end
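Review bot: `customized?` depends on this file's transformer being the last element, so it breaks as soon as anything else appends a transformer afterwards: the check returns false and the customizations are pushed again on every call, which is the behaviour this commit sets out to stop. It also raises `NoMethodError` if `transformers` is empty or its last entry is a callable without `source_location`. A position-independent check is more robust, for example `transformers.any? { |t| t.respond_to?(:source_location) && Array(t.source_location).first == __FILE__ }`, or an explicit marker set once the customizations are applied. A short comment on the method, such as `# True when a transformer defined in this file is already registered`, would make the intent clear to the next reader.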