Commit e9ecbd3d authored by Stan Hu's avatar Stan Hu

Fix warning messages with SVG ALLOWED_ELEMENTS

Eliminates "warning: already initialized constant Gitlab::Sanitizers::SVG::ALLOWED_ELEMENTS"
parent 4607323e
require_relative "svg/whitelist"
module Gitlab module Gitlab
module Sanitizers module Sanitizers
module SVG module SVG
...@@ -12,14 +10,14 @@ module Gitlab ...@@ -12,14 +10,14 @@ module Gitlab
DATA_ATTR_PATTERN = /\Adata-(?!xml)[a-z_][\w.\u00E0-\u00F6\u00F8-\u017F\u01DD-\u02AF-]*\z/u DATA_ATTR_PATTERN = /\Adata-(?!xml)[a-z_][\w.\u00E0-\u00F6\u00F8-\u017F\u01DD-\u02AF-]*\z/u
def scrub(node) def scrub(node)
unless ALLOWED_ELEMENTS.include?(node.name) unless Whitelist::ALLOWED_ELEMENTS.include?(node.name)
node.unlink node.unlink
else else
node.attributes.each do |attr_name, attr| node.attributes.each do |attr_name, attr|
valid_attributes = ALLOWED_ATTRIBUTES[node.name] valid_attributes = Whitelist::ALLOWED_ATTRIBUTES[node.name]
unless valid_attributes && valid_attributes.include?(attr_name) unless valid_attributes && valid_attributes.include?(attr_name)
if ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS.include?(node.name) && if Whitelist::ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS.include?(node.name) &&
attr_name.start_with?('data-') attr_name.start_with?('data-')
# Arbitrary data attributes are allowed. Verify that the attribute # Arbitrary data attributes are allowed. Verify that the attribute
# is a valid data attribute. # is a valid data attribute.
......
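Review bot: In `scrub`, an attribute whose name is listed in `Whitelist::ALLOWED_ATTRIBUTES[node.name]` is kept as is; the visible `unless valid_attributes && valid_attributes.include?(attr_name)` branch only handles names that are not listed, so attribute values are never inspected in these lines. `a` is in `ALLOWED_ELEMENTS`, so if the attribute table permits a link attribute for it, the value's URL scheme would need its own check. The table and the rest of `scrub` lie outside the hunk, so this should be confirmed there. At minimum I would add a comment above the attribute loop such as `# Filters by element and attribute name only; attribute values are not validated here.`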
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
module Gitlab module Gitlab
module Sanitizers module Sanitizers
module SVG module SVG
class Whitelist
ALLOWED_ELEMENTS = %w[ ALLOWED_ELEMENTS = %w[
a altGlyph altGlyphDef altGlyphItem animate a altGlyph altGlyphDef altGlyphItem animate
animateColor animateMotion animateTransform circle clipPath color-profile animateColor animateMotion animateTransform circle clipPath color-profile
...@@ -104,4 +105,5 @@ module Gitlab ...@@ -104,4 +105,5 @@ module Gitlab
}.freeze }.freeze
end end
end end
end
end end
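Review bot: `class Whitelist` is added without a comment, although its constants are the whole policy that the SVG sanitizer's `scrub` enforces. I would put a comment above it such as `# Allowlist consulted by the SVG sanitizer; elements not listed here are removed. Additions need a security review.` Only constant definitions are visible inside it, so if nothing else lives in the collapsed part, `module Whitelist` would state more clearly that it is a namespace and is not meant to be instantiated.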