From 4bf3b243da3eb73545fb76c024088e225c14024c Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 8 Feb 2017 20:33:29 +0000
Subject: Merge branch 'asciidoctor-xss-patch' into 'security'

Add sanitization filter to asciidocs output to prevent XSS

See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2057
---
 lib/gitlab/asciidoc.rb | 3 +++
 1 file changed, 3 insertions(+)
 (limited to 'lib')

diff --git a/lib/gitlab/asciidoc.rb b/lib/gitlab/asciidoc.rb
index 0618107e2c3..d575367d81a 100644
--- a/lib/gitlab/asciidoc.rb
+++ b/lib/gitlab/asciidoc.rb
@@ -36,6 +36,9 @@ module Gitlab
 html = Banzai.post_process(html, context)
+ filter = Banzai::Filter::SanitizationFilter.new(html)
+ html = filter.call.to_s
+
 html.html_safe
 end
-- 
cgit v1.2.1
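Review bot: The added `Banzai::Filter::SanitizationFilter.new(html)` is constructed without the `context` that `Banzai.post_process(html, context)` receives on the line above, so if any part of the filter's whitelist is context-dependent it is silently dropped; in that case the construction should be `Banzai::Filter::SanitizationFilter.new(html, context)`. Sanitizing after post-processing is the right order for the `html_safe` claim on the following line, but it also means every element the post-processing step emits has to be on the filter's whitelist, which is worth covering with a spec that renders a document through the whole method and checks the post-processed output survives. The diffstat is limited to 'lib', so a regression spec for the XSS case may exist outside this view; if it does not, one should accompany the change. The enclosing method begins before the hunk; a why-comment on the new lines would help future readers, e.g. `# Sanitize the converted HTML before it is marked html_safe`.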