Commit 4854cfef authored by Douwe Maan's avatar Douwe Maan

Merge branch 'pravi/gitlab-ce-update-html-pipeline' into 'master'

update html-pipeline 2.7.1 -> 2.8

Closes #48571

See merge request gitlab-org/gitlab-ce!20348
parents 8678cf9b d699362a
......@@ -132,7 +132,7 @@ gem 'unf', '~> 0.1.4'
gem 'seed-fu', '~> 2.3.7'
# Markdown and HTML processing
gem 'html-pipeline', '~> 2.7.1'
gem 'html-pipeline', '~> 2.8'
gem 'deckar01-task_list', '2.0.0'
gem 'gitlab-markup', '~> 1.6.4'
gem 'redcarpet', '~> 3.4'
......
......@@ -394,7 +394,7 @@ GEM
hipchat (1.5.2)
httparty
mimemagic
html-pipeline (2.7.1)
html-pipeline (2.8.3)
activesupport (>= 2)
nokogiri (>= 1.4)
html2text (0.2.0)
......@@ -1061,7 +1061,7 @@ DEPENDENCIES
hashie-forbidden_attributes
health_check (~> 2.6.0)
hipchat (~> 1.5.0)
html-pipeline (~> 2.7.1)
html-pipeline (~> 2.8)
html2text
httparty (~> 0.13.3)
icalendar
......
......@@ -397,7 +397,7 @@ GEM
hipchat (1.5.2)
httparty
mimemagic
html-pipeline (2.7.1)
html-pipeline (2.8.3)
activesupport (>= 2)
nokogiri (>= 1.4)
html2text (0.2.0)
......@@ -1071,7 +1071,7 @@ DEPENDENCIES
hashie-forbidden_attributes
health_check (~> 2.6.0)
hipchat (~> 1.5.0)
html-pipeline (~> 2.7.1)
html-pipeline (~> 2.8)
html2text
httparty (~> 0.13.3)
icalendar
......
......@@ -4,27 +4,20 @@ module Banzai
#
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
class SanitizationFilter < HTML::Pipeline::SanitizationFilter
include Gitlab::Utils::StrongMemoize
UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/
def whitelist
whitelist = super
customize_whitelist(whitelist)
whitelist
strong_memoize(:whitelist) do
customize_whitelist(super.dup)
end
end
private
def customized?(transformers)
transformers.last.source_location[0] == __FILE__
end
def customize_whitelist(whitelist)
# Only push these customizations once
return if customized?(whitelist[:transformers])
# Allow table alignment; we whitelist specific text-align values in a
# transformer below
whitelist[:attributes]['th'] = %w(style)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment