diff options
Diffstat (limited to 'lib/banzai/pipeline/description_pipeline.rb')
| -rw-r--r-- | lib/banzai/pipeline/description_pipeline.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/lib/banzai/pipeline/description_pipeline.rb b/lib/banzai/pipeline/description_pipeline.rb index 94c2cb165a5..f2395867658 100644 --- a/lib/banzai/pipeline/description_pipeline.rb +++ b/lib/banzai/pipeline/description_pipeline.rb @@ -1,14 +1,23 @@ -require 'banzai' - module Banzai module Pipeline class DescriptionPipeline < FullPipeline def self.transform_context(context) super(context).merge( # SanitizationFilter - inline_sanitization: true + whitelist: whitelist ) end + + private + + def self.whitelist + # Descriptions are more heavily sanitized, allowing only a few elements. + # See http://git.io/vkuAN + whitelist = Banzai::Filter::SanitizationFilter::LIMITED + whitelist[:elements] -= %w(pre code img ol ul li) + + whitelist + end end end end |