Update html-sanitizer 2.8 compatibility patch
This commit is contained in:
parent
1b01282ee4
commit
540e6131f8
1 changed files with 30 additions and 4 deletions
34
debian/patches/0600-html-sanitizer-2.8.patch
vendored
34
debian/patches/0600-html-sanitizer-2.8.patch
vendored
|
@ -1,13 +1,39 @@
|
|||
Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/48415
|
||||
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20284
|
||||
|
||||
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
|
||||
index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b082fdc4e 100644
|
||||
--- a/lib/banzai/filter/sanitization_filter.rb
|
||||
+++ b/lib/banzai/filter/sanitization_filter.rb
|
||||
@@ -8,7 +8,7 @@
|
||||
@@ -4,27 +4,20 @@ module Banzai
|
||||
#
|
||||
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
|
||||
class SanitizationFilter < HTML::Pipeline::SanitizationFilter
|
||||
+ include Gitlab::Utils::StrongMemoize
|
||||
+
|
||||
UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
|
||||
TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/
|
||||
|
||||
def whitelist
|
||||
- whitelist = super
|
||||
+ whitelist = super.dup
|
||||
-
|
||||
- customize_whitelist(whitelist)
|
||||
-
|
||||
- whitelist
|
||||
+ strong_memoize(:whitelist) do
|
||||
+ customize_whitelist(super.dup)
|
||||
+ end
|
||||
end
|
||||
|
||||
customize_whitelist(whitelist)
|
||||
private
|
||||
|
||||
- def customized?(transformers)
|
||||
- transformers.last.source_location[0] == __FILE__
|
||||
- end
|
||||
-
|
||||
def customize_whitelist(whitelist)
|
||||
- # Only push these customizations once
|
||||
- return if customized?(whitelist[:transformers])
|
||||
-
|
||||
# Allow table alignment; we whitelist specific text-align values in a
|
||||
# transformer below
|
||||
whitelist[:attributes]['th'] = %w(style)
|
||||
|
|
Loading…
Reference in a new issue