realaravinth/debian-mirror-gitlab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

More upstream fixes

Browse source
This commit is contained in:
Pirate Praveen 2018-10-19 12:30:32 +05:30
parent 85a98abced
commit b03d5ba9ab
1 changed files with 29 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

33
debian/patches/0600-html-sanitizer-2.8.patch vendored
View file

@ -1,10 +1,14 @@
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20284 https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20284
https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20820
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b082fdc4e 100644
--- a/lib/banzai/filter/sanitization_filter.rb --- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb +++ b/lib/banzai/filter/sanitization_filter.rb
@@ -4,27 +4,20 @@ module Banzai @@ -1,30 +1,25 @@
+# frozen_string_literal: true
+
module Banzai
module Filter
# Sanitize HTML
# #
# Extends HTML::Pipeline::SanitizationFilter with a custom whitelist. # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
class SanitizationFilter < HTML::Pipeline::SanitizationFilter class SanitizationFilter < HTML::Pipeline::SanitizationFilter
@ -20,7 +24,7 @@ index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b
- -
- whitelist - whitelist
+ strong_memoize(:whitelist) do + strong_memoize(:whitelist) do
+ customize_whitelist(super.dup) + customize_whitelist(super.deep_dup)
+ end + end
end end
@ -37,3 +41,24 @@ index afc2ca4e3627c5be0ea5fe73db37968cda2029bd..8275bb9e14928d56e72a75707eee3f3b
# Allow table alignment; we whitelist specific text-align values in a # Allow table alignment; we whitelist specific text-align values in a
# transformer below # transformer below
whitelist[:attributes]['th'] = %w(style) whitelist[:attributes]['th'] = %w(style)
--- a/spec/lib/banzai/filter/sanitization_filter_spec.rb
+++ b/spec/lib/banzai/filter/sanitization_filter_spec.rb
@@ -54,6 +54,18 @@
expect(instance.whitelist[:transformers].size).to eq control_count
end
+ it 'customizes the whitelist only once for different instances' do
+ instance1 = described_class.new('Foo1')
+ instance2 = described_class.new('Foo2')
+ control_count = instance1.whitelist[:transformers].size
+
+ instance1.whitelist
+ instance2.whitelist
+
+ expect(instance1.whitelist[:transformers].size).to eq control_count
+ expect(instance2.whitelist[:transformers].size).to eq control_count
+ end
+
it 'sanitizes `class` attribute from all elements' do
act = %q{<pre class="code highlight white c"><code>&lt;span class="k"&gt;def&lt;/span&gt;</code></pre>}
exp = %q{<pre><code>&lt;span class="k"&gt;def&lt;/span&gt;</code></pre>}