-rw-r--r--Gemfile1
-rw-r--r--Gemfile.lock3
-rw-r--r--app/controllers/projects/branches_controller.rb4
-rw-r--r--app/helpers/markup_helper.rb4
-rw-r--r--config/application.rb2
5 files changed, 3 insertions, 11 deletions
diff --git a/Gemfile b/Gemfile
index 1c7ad5abcb5..ca35e8845cf 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,6 @@
source 'https://rubygems.org'
gem 'rails', '5.0.7.2'
-gem 'rails-deprecated_sanitizer', '~> 1.0.3'
# Improves copy-on-write performance for MRI
gem 'nakayoshi_fork', '~> 0.0.4'
diff --git a/Gemfile.lock b/Gemfile.lock
index 3314a769949..56b2619b31d 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -654,8 +654,6 @@ GEM
actionpack (~> 5.x, >= 5.0.1)
actionview (~> 5.x, >= 5.0.1)
activesupport (~> 5.x)
- rails-deprecated_sanitizer (1.0.3)
- activesupport (>= 4.2.0.alpha)
rails-dom-testing (2.0.3)
activesupport (>= 4.2.0)
nokogiri (>= 1.6)
@@ -1111,7 +1109,6 @@ DEPENDENCIES
rack-proxy (~> 0.6.0)
rails (= 5.0.7.2)
rails-controller-testing
- rails-deprecated_sanitizer (~> 1.0.3)
rails-i18n (~> 5.1)
rainbow (~> 3.0)
raindrops (~> 0.18)
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 9c31ae6376a..e14abbf7c78 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord
def create
- branch_name = sanitize(strip_tags(params[:branch_name]))
+ branch_name = strip_tags(sanitize(params[:branch_name]))
branch_name = Addressable::URI.unescape(branch_name)
redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController
def ref
if params[:ref]
- ref_escaped = sanitize(strip_tags(params[:ref]))
+ ref_escaped = strip_tags(sanitize(params[:ref]))
Addressable::URI.unescape(ref_escaped)
else
@project.default_branch || 'master'
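Review bot: The sanitize → strip_tags → Addressable::URI.unescape sequence now appears verbatim in both `create` (line 53) and `ref` (line 124), and the only thing this commit changes is the order of the two helpers, which nothing in the code records; a private helper (e.g. `sanitized_ref_param(value)` returning `Addressable::URI.unescape(strip_tags(sanitize(value)))`) would keep the two call sites in step. If I read rails-html-sanitizer right, the new order exists because `sanitize` returns an entity-encoded html_safe string while `strip_tags` returns plain text, so calling `strip_tags` last yields the bare ref name instead of one containing `&amp;` — worth a comment at the first use, e.g. `# strip_tags last: it yields plain text; sanitize alone would leave HTML entities in the ref name`. Nothing in either hunk validates the result as a git ref name, so the value still depends on whatever ref-name checks run downstream. Both `create` and `ref` continue outside the hunk.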
diff --git a/app/helpers/markup_helper.rb b/app/helpers/markup_helper.rb
index d83c69603a9..be4fc2531ae 100644
--- a/app/helpers/markup_helper.rb
+++ b/app/helpers/markup_helper.rb
@@ -241,9 +241,7 @@ module MarkupHelper
node.remove if node.name == 'a' && node.content.blank?
end
- # Use `Loofah` directly instead of `sanitize`
- # as we still use the `rails-deprecated_sanitizer` gem
- Loofah.fragment(text).scrub!(scrubber).to_s
+ sanitize text, scrubber: scrubber
end
def markdown_toolbar_button(options = {})
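Review bot: `sanitize text, scrubber: scrubber` returns an html_safe SafeBuffer, whereas the replaced `Loofah.fragment(text).scrub!(scrubber).to_s` returned a plain String, so any caller that relied on the view layer escaping this helper's result would now render it unescaped; the callers are not in the hunk, so please confirm each one expects html-safe output. Passing `scrubber:` also means, as far as I can tell from rails-html-sanitizer, that the default tag/attribute allowlist is not applied and the custom scrubber is the entire sanitization — the same as the Loofah call it replaces, but the name `sanitize` now suggests otherwise, so a comment such as `# Only the scrubber above runs here; sanitize applies no default allowlist when scrubber: is given` would keep that explicit. The method body begins outside the hunk.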
diff --git a/config/application.rb b/config/application.rb
index 6bdf61edfb1..cbcfef34e01 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -164,8 +164,6 @@ module Gitlab
# Version of your assets, change this if you want to expire all your assets
config.assets.version = '1.0'
- config.action_view.sanitized_allowed_protocols = %w(smb)
-
# Can be removed once upgraded to Rails 5.1 or higher
config.action_controller.raise_on_unfiltered_parameters = true