More upstream fixes
This commit is contained in:
Pirate Praveen
parent
85a98abced
commit
b03d5ba9ab
1 changed files with 29 additions and 4 deletions
33
debian/patches/0600-html-sanitizer-2.8.patch
vendored
33
debian/patches/0600-html-sanitizer-2.8.patch
vendored
|
|
@ -1,10 +1,14 @@
|
|||
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20284
|
||||
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20820
|
||||
|
||||
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
|
||||
index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b082fdc4e 100644
|
||||
--- a/lib/banzai/filter/sanitization_filter.rb
|
||||
+++ b/lib/banzai/filter/sanitization_filter.rb
|
||||
@@ -4,27 +4,20 @@ module Banzai
|
||||
@@ -1,30 +1,25 @@
|
||||
+# frozen_string_literal: true
|
||||
+
|
||||
module Banzai
|
||||
module Filter
|
||||
# Sanitize HTML
|
||||
#
|
||||
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
|
||||
class SanitizationFilter < HTML::Pipeline::SanitizationFilter
|
||||
|
|
@ -20,7 +24,7 @@ index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b
|
|||
-
|
||||
- whitelist
|
||||
+ strong_memoize(:whitelist) do
|
||||
+ customize_whitelist(super.dup)
|
||||
+ customize_whitelist(super.deep_dup)
|
||||
+ end
|
||||
end
|
||||
|
||||
|
|
@ -37,3 +41,24 @@ index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b
|
|||
# Allow table alignment; we whitelist specific text-align values in a
|
||||
# transformer below
|
||||
whitelist[:attributes]['th'] = %w(style)
|
||||
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
|
||||
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
|
||||
@@ -54,6 +54,18 @@
|
||||
expect(instance.whitelist[:transformers].size).to eq control_count
|
||||
end
|
||||
|
||||
+ it 'customizes the whitelist only once for different instances' do
|
||||
+ instance1 = described_class.new('Foo1')
|
||||
+ instance2 = described_class.new('Foo2')
|
||||
+ control_count = instance1.whitelist[:transformers].size
|
||||
+
|
||||
+ instance1.whitelist
|
||||
+ instance2.whitelist
|
||||
+
|
||||
+ expect(instance1.whitelist[:transformers].size).to eq control_count
|
||||
+ expect(instance2.whitelist[:transformers].size).to eq control_count
|
||||
+ end
|
||||
+
|
||||
it 'sanitizes `class` attribute from all elements' do
|
||||
act = %q{<pre class="code highlight white c"><code><span class="k">def</span></code></pre>}
|
||||
exp = %q{<pre><code><span class="k">def</span></code></pre>}
|
||||
|
|
|
|||
Loading…
Reference in a new issue