Skip to content

G
gitlab-ce
Commit 212fe14c authored by Robert Speicher's avatar Robert Speicher
Browse files
Options

Customize the sanitization whitelist only once 

Fixes #1651
parent 71b1a2c7
Show whitespace changes
Inline Side-by-side
Showing with 22 additions and 13 deletions
lib/gitlab/markdown/sanitization_filter.rb
View file @ 212fe14c
...@@ -8,8 +8,10 @@ module Gitlab ...@@ -8,8 +8,10 @@ module Gitlab
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist. # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
class SanitizationFilter < HTML::Pipeline::SanitizationFilter class SanitizationFilter < HTML::Pipeline::SanitizationFilter
def whitelist def whitelist
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST whitelist = super
# Only push these customizations once
unless customized?(whitelist[:transformers])
# Allow code highlighting # Allow code highlighting
whitelist[:attributes]['pre'] = %w(class) whitelist[:attributes]['pre'] = %w(class)
whitelist[:attributes]['span'] = %w(class) whitelist[:attributes]['span'] = %w(class)
...@@ -26,10 +28,13 @@ module Gitlab ...@@ -26,10 +28,13 @@ module Gitlab
# Remove `class` attribute from non-highlight spans # Remove `class` attribute from non-highlight spans
whitelist[:transformers].push(clean_spans) whitelist[:transformers].push(clean_spans)
end
whitelist whitelist
end end
private
def remove_rel def remove_rel
lambda do |env| lambda do |env|
if env[:node_name] == 'a' if env[:node_name] == 'a'
...@@ -48,6 +53,10 @@ module Gitlab ...@@ -48,6 +53,10 @@ module Gitlab
end end
end end
end end
def customized?(transformers)
transformers.last.source_location[0] == __FILE__
end
end end
end end
end end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7