author | Robert Speicher <rspeicher@gmail.com> | 2015-05-20 20:55:11 -0400 |
---|---|---|
committer | Robert Speicher <rspeicher@gmail.com> | 2015-05-20 21:16:11 -0400 |
commit | 212fe14c65b523ba71e3a199028d577b21216c60 (patch) | |
tree | 909fc382e96ff2908c3b3ae3088df3dc2353c6c1 /lib | |
parent | 71b1a2c7287f0838cdcaeb5a896d582cddfea5d1 (diff) | |
Customize the sanitization whitelist only once (branch rs-issue-1651)
Fixes #1651
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/markdown/sanitization_filter.rb | 35 |
1 files changed, 22 insertions, 13 deletions
diff --git a/lib/gitlab/markdown/sanitization_filter.rb b/lib/gitlab/markdown/sanitization_filter.rb
index 6f33155badf..88781fea0c8 100644
--- a/lib/gitlab/markdown/sanitization_filter.rb
+++ b/lib/gitlab/markdown/sanitization_filter.rb
@@ -8,28 +8,33 @@ module Gitlab
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
class SanitizationFilter < HTML::Pipeline::SanitizationFilter
def whitelist
- whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
+ whitelist = super
- # Allow code highlighting
- whitelist[:attributes]['pre'] = %w(class)
- whitelist[:attributes]['span'] = %w(class)
+ # Only push these customizations once
+ unless customized?(whitelist[:transformers])
+ # Allow code highlighting
+ whitelist[:attributes]['pre'] = %w(class)
+ whitelist[:attributes]['span'] = %w(class)
- # Allow table alignment
- whitelist[:attributes]['th'] = %w(style)
- whitelist[:attributes]['td'] = %w(style)
+ # Allow table alignment
+ whitelist[:attributes]['th'] = %w(style)
+ whitelist[:attributes]['td'] = %w(style)
- # Allow span elements
- whitelist[:elements].push('span')
+ # Allow span elements
+ whitelist[:elements].push('span')
- # Remove `rel` attribute from `a` elements
- whitelist[:transformers].push(remove_rel)
+ # Remove `rel` attribute from `a` elements
+ whitelist[:transformers].push(remove_rel)
- # Remove `class` attribute from non-highlight spans
- whitelist[:transformers].push(clean_spans)
+ # Remove `class` attribute from non-highlight spans
+ whitelist[:transformers].push(clean_spans)
+ end
whitelist
end
+ private
+
def remove_rel
lambda do |env|
if env[:node_name] == 'a'
@@ -48,6 +53,10 @@ module Gitlab
end
end
end
+
+ def customized?(transformers)
+ transformers.last.source_location[0] == __FILE__
end
end
end |
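Review bot: `whitelist = super` still mutates whatever object the parent hands back in place, and the old line shows that object is the library's shared `WHITELIST` constant, so the extra attributes, the `span` element and both transformers leak into every other `HTML::Pipeline::SanitizationFilter` in the process; the `customized?` guard papers over one symptom (duplicate transformers) rather than the shared-mutation cause. Copying first removes the need for the guard entirely: `whitelist = super.deep_dup` (ActiveSupport's deep copy, which this Rails app presumably has — it dups the nested arrays and hashes and keeps the lambdas), after which the `unless customized?(...)`/`end` wrapper and `customized?` can be dropped and `remove_rel`/`clean_spans` pushed unconditionally. If a per-call copy is a concern, build the customized copy once at class level and hand out `deep_dup`s of that instead. `remove_rel`'s body continues past the end of this hunk.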
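Review bot: `customized?` inspects only `transformers.last`, so as soon as any other code appends a transformer after ours (or the parent returns a caller-supplied whitelist whose last entry comes from elsewhere) the guard fails and `remove_rel`/`clean_spans` are pushed again on every call, which is exactly the unbounded growth this commit sets out to stop; and if the list is ever empty, `nil.source_location` raises `NoMethodError`. Scanning the whole list and tolerating procs without a source location closes both holes: `transformers.any? { |t| Array(t.source_location).first == __FILE__ }`. The closing `end` of `customized?` is not visible in this hunk (the rendered diff appears to have dropped a line), so the method is incomplete from this view.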