From 1a9c2ddc55cf563ea42d67811a19b2693d7a44e9 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Fri, 10 Oct 2014 18:12:50 -0500
Subject: Document whitelisted HTML tags and attributes

---
 doc/markdown/markdown.md | 59 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

(limited to 'doc/markdown/markdown.md')

diff --git a/doc/markdown/markdown.md b/doc/markdown/markdown.md
index 6d96da76ad7..0f63eca1f61 100644
--- a/doc/markdown/markdown.md
+++ b/doc/markdown/markdown.md
@@ -438,6 +438,65 @@ You can also use raw HTML in your Markdown, and it'll mostly work pretty well.
   <dd>Does *not* work **very** well. Use HTML <em>tags</em>.</dd>
 </dl>
 
+The following tags can be used:
+
+* `<a/>`
+* `<abbr/>`
+* `<acronym/>`
+* `<address/>`
+* `<b/>`
+* `<big/>`
+* `<blockquote/>`
+* `<br/>`
+* `<cite/>`
+* `<code/>`
+* `<dd/>`
+* `<del/>`
+* `<dfn/>`
+* `<div/>`
+* `<dl/>`
+* `<dt/>`
+* `<em/>`
+* `<h1/>`
+* `<h2/>`
+* `<h3/>`
+* `<h4/>`
+* `<h5/>`
+* `<h6/>`
+* `<hr/>`
+* `<i/>`
+* `<img/>`
+* `<ins/>`
+* `<kbd/>`
+* `<li/>`
+* `<ol/>`
+* `<p/>`
+* `<pre/>`
+* `<samp/>`
+* `<small/>`
+* `<span/>`
+* `<strong/>`
+* `<sub/>`
+* `<sup/>`
+* `<tt/>`
+* `<ul/>`
+* `<var/>`
+
+You can also use the following HTML attributes in your inline tags:
+
+* `abbr`
+* `alt`
+* `cite`
+* `class`
+* `datetime`
+* `height`
+* `href`
+* `name`
+* `src`
+* `title`
+* `width`
+* `xml:lang`
+
 ## Horizontal Rule
 
 ```
-- 
cgit v1.2.1


From 52bf95ae380dc06243d0c4e5c8eb80f8be15a4f3 Mon Sep 17 00:00:00 2001
From: Vinnie Okada <vokada@mrvinn.com>
Date: Tue, 17 Mar 2015 21:17:00 -0600
Subject: Change HTML sanitization

Use the `SanitizationFilter` class from the html-pipeline gem for inline
HTML instead of calling the Rails `sanitize` method.
---
 doc/markdown/markdown.md | 59 +-----------------------------------------------
 1 file changed, 1 insertion(+), 58 deletions(-)

(limited to 'doc/markdown/markdown.md')

diff --git a/doc/markdown/markdown.md b/doc/markdown/markdown.md
index ddf1bbc6ee4..4ab73df8af9 100644
--- a/doc/markdown/markdown.md
+++ b/doc/markdown/markdown.md
@@ -440,64 +440,7 @@ Note that inline HTML is disabled in the default Gitlab configuration, although
   <dd>Does *not* work **very** well. Use HTML <em>tags</em>.</dd>
 </dl>
 
-The following tags can be used:
-
-* `<a/>`
-* `<abbr/>`
-* `<acronym/>`
-* `<address/>`
-* `<b/>`
-* `<big/>`
-* `<blockquote/>`
-* `<br/>`
-* `<cite/>`
-* `<code/>`
-* `<dd/>`
-* `<del/>`
-* `<dfn/>`
-* `<div/>`
-* `<dl/>`
-* `<dt/>`
-* `<em/>`
-* `<h1/>`
-* `<h2/>`
-* `<h3/>`
-* `<h4/>`
-* `<h5/>`
-* `<h6/>`
-* `<hr/>`
-* `<i/>`
-* `<img/>`
-* `<ins/>`
-* `<kbd/>`
-* `<li/>`
-* `<ol/>`
-* `<p/>`
-* `<pre/>`
-* `<samp/>`
-* `<small/>`
-* `<span/>`
-* `<strong/>`
-* `<sub/>`
-* `<sup/>`
-* `<tt/>`
-* `<ul/>`
-* `<var/>`
-
-You can also use the following HTML attributes in your inline tags:
-
-* `abbr`
-* `alt`
-* `cite`
-* `class`
-* `datetime`
-* `height`
-* `href`
-* `name`
-* `src`
-* `title`
-* `width`
-* `xml:lang`
+See the documentation for HTML::Pipeline's [SanitizationFilter](http://www.rubydoc.info/gems/html-pipeline/HTML/Pipeline/SanitizationFilter#WHITELIST-constant) class for the list of allowed HTML tags and attributes.  In addition to the default `SanitizationFilter` whitelist, GitLab allows the `class`, `id`, and `style` attributes.
 
 ## Horizontal Rule
 
-- 
cgit v1.2.1