Update html-sanitizer 2.8 compatibility patch

2018-10-18 21:04:53 +05:30 · 2018-10-18 21:04:53 +05:30 · 540e6131f8
commit 540e6131f8
parent 1b01282ee4
1 changed files with 30 additions and 4 deletions
--- a/debian/patches/0600-html-sanitizer-2.8.patch
+++ b/debian/patches/0600-html-sanitizer-2.8.patch
@ -1,13 +1,39 @@
-Bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/48415
+https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20284

+diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
+index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b082fdc4e 100644
 --- a/lib/banzai/filter/sanitization_filter.rb
 +++ b/lib/banzai/filter/sanitization_filter.rb
-@@ -8,7 +8,7 @@
+@@ -4,27 +4,20 @@ module Banzai
+     #
+     # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
+     class SanitizationFilter < HTML::Pipeline::SanitizationFilter
+      include Gitlab::Utils::StrongMemoize
+
+       UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
       TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/
 
       def whitelist
 -        whitelist = super
-+	whitelist = super.dup
+-
+-        customize_whitelist(whitelist)
+-
+-        whitelist
+        strong_memoize(:whitelist) do
+          customize_whitelist(super.dup)
+        end
+       end
 
-         customize_whitelist(whitelist)
+       private
 
+-      def customized?(transformers)
+-        transformers.last.source_location[0] == __FILE__
+-      end
+-
+       def customize_whitelist(whitelist)
+-        # Only push these customizations once
+-        return if customized?(whitelist[:transformers])
+-
+         # Allow table alignment; we whitelist specific text-align values in a
+         # transformer below
+         whitelist[:attributes]['th'] = %w(style)