Don't allow style attributes in inline HTML

Vinnie Okada 2015-03-21 08:39:54 -06:00
parent 52bf95ae38
commit cc29ce4917
2 changed files with 2 additions and 1 deletions


@ -1,6 +1,7 @@
Please view this file on the master branch, on stable branches it's out of date. Please view this file on the master branch, on stable branches it's out of date.
v 7.10.0 (unreleased) v 7.10.0 (unreleased)
- Allow HTML tags in Markdown input
v 7.9.0 (unreleased) v 7.9.0 (unreleased)
- Add HipChat integration documentation (Stan Hu) - Add HipChat integration documentation (Stan Hu)
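Review bot: the new changelog entry "Allow HTML tags in Markdown input" does not describe what this commit actually changes, namely that the `style` attribute is no longer accepted on inline HTML; a reader of the 7.10.0 notes would not learn that inline CSS in user Markdown is now stripped. Suggest rewording to something like "- Allow HTML tags in Markdown input (style attributes are stripped)" and, for consistency with the surrounding entries such as "- Add HipChat integration documentation (Stan Hu)", appending the author in parentheses.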


@ -88,7 +88,7 @@ module Gitlab
] ]
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
whitelist[:attributes][:all].push('class', 'id', 'style') whitelist[:attributes][:all].push('class', 'id')
# Remove the rel attribute that the sanitize gem adds, and remove the # Remove the rel attribute that the sanitize gem adds, and remove the
# href attribute if it contains inline javascript # href attribute if it contains inline javascript
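Review bot: dropping `'style'` from `whitelist[:attributes][:all].push('class', 'id')` is the right call, since an attribute whitelist cannot vet the CSS inside a style value, but nothing in the hunk records why, and the only nearby comment ("Remove the rel attribute that the sanitize gem adds ...") covers `rel` and `href`. Suggest a one-line comment above the push, e.g. `# 'style' is deliberately not whitelisted: inline CSS is not sanitized`, so the attribute is not re-added later by someone who reads this as an oversight. It is also worth a short comment that `class` and `id` remain allowed on every element, as user-supplied ids can collide with ids the page itself relies on; if that is acceptable for the rendering context, saying so here keeps the intent clear, and a sanitization test asserting that a `style` attribute is stripped would lock the behaviour in.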