From 212fe14c65b523ba71e3a199028d577b21216c60 Mon Sep 17 00:00:00 2001
From: Robert Speicher
Date: Wed, 20 May 2015 20:55:11 -0400
Subject: [PATCH] Customize the sanitization whitelist only once

Fixes #1651
---
 lib/gitlab/markdown/sanitization_filter.rb | 35 ++++++++++++++--------
 1 file changed, 22 insertions(+), 13 deletions(-)

diff --git a/lib/gitlab/markdown/sanitization_filter.rb b/lib/gitlab/markdown/sanitization_filter.rb
index 6f33155badf..88781fea0c8 100644
--- a/lib/gitlab/markdown/sanitization_filter.rb
+++ b/lib/gitlab/markdown/sanitization_filter.rb
@@ -8,28 +8,33 @@ module Gitlab
 # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
 class SanitizationFilter < HTML::Pipeline::SanitizationFilter
 def whitelist
- whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
+ whitelist = super
 
- # Allow code highlighting
- whitelist[:attributes]['pre'] = %w(class)
- whitelist[:attributes]['span'] = %w(class)
+ # Only push these customizations once
+ unless customized?(whitelist[:transformers])
+ # Allow code highlighting
+ whitelist[:attributes]['pre'] = %w(class)
+ whitelist[:attributes]['span'] = %w(class)
 
- # Allow table alignment
- whitelist[:attributes]['th'] = %w(style)
- whitelist[:attributes]['td'] = %w(style)
+ # Allow table alignment
+ whitelist[:attributes]['th'] = %w(style)
+ whitelist[:attributes]['td'] = %w(style)
 
- # Allow span elements
- whitelist[:elements].push('span')
+ # Allow span elements
+ whitelist[:elements].push('span')
 
- # Remove `rel` attribute from `a` elements
- whitelist[:transformers].push(remove_rel)
+ # Remove `rel` attribute from `a` elements
+ whitelist[:transformers].push(remove_rel)
 
- # Remove `class` attribute from non-highlight spans
- whitelist[:transformers].push(clean_spans)
+ # Remove `class` attribute from non-highlight spans
+ whitelist[:transformers].push(clean_spans)
+ end
 
 whitelist
 end
 
+ private
+
 def remove_rel
 lambda do |env|
 if env[:node_name] == 'a'
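Review bot: The hash returned by `super` is still edited in place (`whitelist[:attributes]['pre'] = …`, `whitelist[:elements].push('span')`, `whitelist[:transformers].push(remove_rel)`), so the customizations become visible to every other `HTML::Pipeline::SanitizationFilter` user in the same process — presumably `super` hands back the library's shared `WHITELIST` unless a context whitelist is supplied; confirm against the gem. The `customized?` guard stops the repeated pushes from #1651 only while the last transformer is one of ours; as soon as any other code appends a transformer afterwards the guard reopens and the duplicates return. Copying the members that are edited before touching them makes `whitelist` idempotent without the heuristic and leaves the library default untouched, so the `unless customized?` wrapper and the helper can be dropped.
```ruby
def whitelist
  whitelist = super.dup
  # Shallow-copy the members we edit so the shared default (or a
  # caller-supplied whitelist) is never mutated in place.
  whitelist[:attributes] = whitelist[:attributes].dup
  whitelist[:elements] = whitelist[:elements].dup
  whitelist[:transformers] = whitelist[:transformers].dup
  # … unchanged: attribute, element and transformer customizations, applied unconditionally …
  whitelist
end
```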
@@ -48,6 +53,10 @@ module Gitlab
 end
 end
 end
+
+ def customized?(transformers)
+ transformers.last.source_location[0] == __FILE__
+ end
 end
 end
 end
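Review bot: `customized?` raises `NoMethodError` instead of answering when `transformers` is empty (`transformers.last` is `nil`) or when the last entry has no Ruby source (`Proc#source_location` returns `nil` for natively defined procs), and it answers `false` as soon as anything else is appended after our two lambdas even though they are still present. Checking the whole list for a transformer defined in this file is safer and matches the method's name, assuming every entry is a Proc: `transformers.any? { |t| (t.source_location || []).first == __FILE__ }`. The method and the enclosing class and modules close inside this hunk.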