Further limit the limited whitelist for project/group descriptions
parent
79c4e3899f
commit
9e7a9c63a5
2 changed files with 18 additions and 2 deletions
|
@ -12,6 +12,7 @@ module Gitlab
|
||||||
# See http://git.io/vkuAN
|
# See http://git.io/vkuAN
|
||||||
if pipeline == :description
|
if pipeline == :description
|
||||||
whitelist = LIMITED
|
whitelist = LIMITED
|
||||||
|
whitelist[:elements] -= %w(pre code img ol ul li)
|
||||||
else
|
else
|
||||||
whitelist = super
|
whitelist = super
|
||||||
end
|
end
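Review bot: `whitelist = LIMITED` binds the constant object itself, not a copy, so the added `whitelist[:elements] -= %w(pre code img ol ul li)` — which is `whitelist[:elements] = whitelist[:elements] - [...]`, a `[]=` on that very same hash — mutates the shared `LIMITED` constant in place. After the first `:description` render, any other consumer of `LIMITED` in the process (another pipeline that uses the limited whitelist, if one exists) silently loses `pre`, `code`, `img`, `ol`, `ul` and `li` as well, and if `LIMITED` were ever frozen this line would raise `can't modify frozen Hash` instead; only the idempotence of `-` keeps the spec green on repeated calls. Copy before editing: `whitelist = LIMITED.dup` suffices for this line because `-` returns a fresh array rather than altering `LIMITED[:elements]`, but reach for a deep copy if the remainder of the method (outside this hunk) goes on to mutate nested values such as transformer lists. A spec that renders once with `pipeline: :description` and then asserts `LIMITED[:elements]` still includes `'pre'` would pin this down. The enclosing method's `def` and its tail both lie outside the hunk.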
|
||||||
|
|
|
@ -95,8 +95,23 @@ module Gitlab::Markdown
|
||||||
|
|
||||||
context 'when pipeline is :description' do
|
context 'when pipeline is :description' do
|
||||||
it 'uses a stricter whitelist' do
|
it 'uses a stricter whitelist' do
|
||||||
doc = filter('<h1>My Project</h1>', pipeline: :description)
|
doc = filter('<h1>Description</h1>', pipeline: :description)
|
||||||
expect(doc.to_html.strip).to eq 'My Project'
|
expect(doc.to_html.strip).to eq 'Description'
|
||||||
|
end
|
||||||
|
|
||||||
|
%w(pre code img ol ul li).each do |elem|
|
||||||
|
it "removes '#{elem}' elements" do
|
||||||
|
act = "<#{elem}>Description</#{elem}>"
|
||||||
|
expect(filter(act, pipeline: :description).to_html.strip).
|
||||||
|
to eq 'Description'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
%w(b i strong em a ins del sup sub p).each do |elem|
|
||||||
|
it "still allows '#{elem}' elements" do
|
||||||
|
exp = act = "<#{elem}>Description</#{elem}>"
|
||||||
|
expect(filter(act, pipeline: :description).to_html).to eq exp
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
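Review bot: Every new example runs the `:description` pipeline in isolation, so nothing here would detect the implementation deriving its whitelist destructively from a shared constant — the case that matters is a description render followed by a non-description render of the same markup, and it is not exercised. One example after the "still allows" loop would cover it: `it 'does not affect other pipelines' do; filter('<pre>x</pre>', pipeline: :description); expect(filter('<pre>x</pre>').to_html).to eq '<pre>x</pre>'; end`, which presumes the `filter` helper without a `pipeline:` option applies the default whitelist (confirm against the helper's definition, which is outside this hunk). Using `.strip` only in the "removes" examples while the "allows" examples compare raw `to_html` is also worth a one-line comment, since a reader may otherwise assume the two loops are asymmetric by accident. The `context` this hunk extends closes within the hunk, but the surrounding describe block and module end past it.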
|
||||||
|
|