Fix the leak mentioned in 504a3b5 by another way

The previous fix introduced another leak; as it made Banzai::Filter::SanitizationFiler#customized? always return false, so we were always appending two elements to HTML::Pipeline::SanitizationFilter::WHITELIST[:elements]. This growth in the elements array would slow the sanitization process over time.
2016-09-21 15:55:04 +02:00 · 2016-09-21 15:55:04 +02:00 · ca823abacd
commit ca823abacd
parent 0fe33f925a
2 changed files with 32 additions and 29 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ v 8.13.0 (unreleased)
  - Speed-up group milestones show page

 v 8.12.1 (unreleased)
+  - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST

 v 8.12.0
  - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@ -43,17 +43,18 @@ module Banzai
        whitelist[:protocols].delete('a')

        # ...but then remove links with unsafe protocols
-        whitelist[:transformers].push(remove_unsafe_links)
+        whitelist[:transformers].push(self.class.remove_unsafe_links)

        # Remove `rel` attribute from `a` elements
-        whitelist[:transformers].push(remove_rel)
+        whitelist[:transformers].push(self.class.remove_rel)

        # Remove `class` attribute from non-highlight spans
-        whitelist[:transformers].push(clean_spans)
+        whitelist[:transformers].push(self.class.clean_spans)

        whitelist
      end

+      class << self
        def remove_unsafe_links
          lambda do |env|
            node = env[:node]
@ -87,7 +88,7 @@ module Banzai
            return unless node.name == 'span'
            return unless node.has_attribute?('class')

-          unless has_ancestor?(node, 'pre')
+            unless node.ancestors.any? { |n| n.name.casecmp('pre').zero? }
              node.remove_attribute('class')
            end

@ -97,3 +98,4 @@ module Banzai
      end
    end
  end
+end