Merge branch 'asciidoctor-xss-patch' into 'security'

Add sanitization filter to asciidocs output to prevent XSS See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2057
author: Robert Speicher <robert@gitlab.com> 2017-02-08 20:33:29 +0000
committer: Ruben Davila <rdavila84@gmail.com> 2017-02-13 18:14:51 -0500
commit: 4bf3b243da3eb73545fb76c024088e225c14024c (patch)
tree: e4fa26b5e8e47b15bfcdadcd406f45a7484181dc /lib
parent: f32ee822d66afcf8d6288d5e2e5660e19b18d5a7 (diff)
download: gitlab-ce-4bf3b243da3eb73545fb76c024088e225c14024c.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb
index 0618107e2c3..d575367d81a 100644
--- a/lib/gitlab/asciidoc.rb
+++ b/lib/gitlab/asciidoc.rb
@@ -36,6 +36,9 @@ module Gitlab
 
       html = Banzai.post_process(html, context)
 
+      filter = Banzai::Filter::SanitizationFilter.new(html)
+      html = filter.call.to_s
+
       html.html_safe
     end
author	Robert Speicher <robert@gitlab.com>	2017-02-08 20:33:29 +0000
committer	Ruben Davila <rdavila84@gmail.com>	2017-02-13 18:14:51 -0500
commit	4bf3b243da3eb73545fb76c024088e225c14024c (patch)
tree	e4fa26b5e8e47b15bfcdadcd406f45a7484181dc /lib
parent	f32ee822d66afcf8d6288d5e2e5660e19b18d5a7 (diff)
download	gitlab-ce-4bf3b243da3eb73545fb76c024088e225c14024c.tar.gz