diff options
author | Robert Speicher <robert@gitlab.com> | 2017-02-08 20:33:29 +0000 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2017-02-13 18:14:51 -0500 |
commit | 4bf3b243da3eb73545fb76c024088e225c14024c (patch) | |
tree | e4fa26b5e8e47b15bfcdadcd406f45a7484181dc /lib | |
parent | f32ee822d66afcf8d6288d5e2e5660e19b18d5a7 (diff) | |
download | gitlab-ce-4bf3b243da3eb73545fb76c024088e225c14024c.tar.gz |
Merge branch 'asciidoctor-xss-patch' into 'security'
Add sanitization filter to asciidocs output to prevent XSS
See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2057
Diffstat (limited to 'lib')
-rw-r--r-- | lib/gitlab/asciidoc.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb index 0618107e2c3..d575367d81a 100644 --- a/lib/gitlab/asciidoc.rb +++ b/lib/gitlab/asciidoc.rb @@ -36,6 +36,9 @@ module Gitlab html = Banzai.post_process(html, context) + filter = Banzai::Filter::SanitizationFilter.new(html) + html = filter.call.to_s + html.html_safe end |