Merge branch '30125-markdown-security'

Remove class from SanitizationFilter whitelist See merge request !2079
author: Robert Speicher <robert@gitlab.com> 2017-04-02 17:39:41 +0000
committer: DJ Mountney <david@twkie.net> 2017-04-05 21:03:46 -0700
commit: 2e8aa209f013d567bb3956a3e4201d3b2d63fe10 (patch)
tree: 4e2562c7630c5aa4d4bb68bd3e179f80a64eb5c3 /spec/lib/banzai/filter/sanitization_filter_spec.rb
parent: 5fde7c6c3b415656fe443a3ce27f12f41507a713 (diff)
download: gitlab-ce-2e8aa209f013d567bb3956a3e4201d3b2d63fe10.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/spec/lib/banzai/filter/sanitization_filter_spec.rb b/spec/lib/banzai/filter/sanitization_filter_spec.rb
index b4cd5f63a15..fdbc65b5e00 100644
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -49,11 +49,12 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
       instance = described_class.new('Foo')
       3.times { instance.whitelist }
 
-      expect(instance.whitelist[:transformers].size).to eq 5
+      expect(instance.whitelist[:transformers].size).to eq 4
     end
 
-    it 'allows syntax highlighting' do
-      exp = act = %q{<pre class="code highlight white c"><code><span class="k">def</span></code></pre>}
+    it 'sanitizes `class` attribute from all elements' do
+      act = %q{<pre class="code highlight white c"><code>&lt;span class="k"&gt;def&lt;/span&gt;</code></pre>}
+      exp = %q{<pre><code>&lt;span class="k"&gt;def&lt;/span&gt;</code></pre>}
       expect(filter(act).to_html).to eq exp
     end
author	Robert Speicher <robert@gitlab.com>	2017-04-02 17:39:41 +0000
committer	DJ Mountney <david@twkie.net>	2017-04-05 21:03:46 -0700
commit	2e8aa209f013d567bb3956a3e4201d3b2d63fe10 (patch)
tree	4e2562c7630c5aa4d4bb68bd3e179f80a64eb5c3 /spec/lib/banzai/filter/sanitization_filter_spec.rb
parent	5fde7c6c3b415656fe443a3ce27f12f41507a713 (diff)
download	gitlab-ce-2e8aa209f013d567bb3956a3e4201d3b2d63fe10.tar.gz