Don't allow style attributes in inline HTML
parent 52bf95ae38
commit cc29ce4917
|
@ -1,6 +1,7 @@
|
||||||
Please view this file on the master branch, on stable branches it's out of date.
|
Please view this file on the master branch, on stable branches it's out of date.
|
||||||
|
|
||||||
v 7.10.0 (unreleased)
|
v 7.10.0 (unreleased)
|
||||||
|
- Allow HTML tags in Markdown input
|
||||||
|
|
||||||
v 7.9.0 (unreleased)
|
v 7.9.0 (unreleased)
|
||||||
- Add HipChat integration documentation (Stan Hu)
|
- Add HipChat integration documentation (Stan Hu)
|
||||||
|
|
|
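Review bot: The entry added under v 7.10.0, "- Allow HTML tags in Markdown input", says nothing about the restriction named in the commit subject. Someone reading only the changelog would not learn that `style` attributes are not accepted on inline HTML. Consider wording it along the lines of "Allow HTML tags in Markdown input (style attributes are not allowed)", or confirm that this entry belongs to this commit rather than to the change that introduced HTML support.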
@ -88,7 +88,7 @@ module Gitlab
|
||||||
]
|
]
|
||||||
|
|
||||||
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
|
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
|
||||||
whitelist[:attributes][:all].push('class', 'id', 'style')
|
whitelist[:attributes][:all].push('class', 'id')
|
||||||
|
|
||||||
# Remove the rel attribute that the sanitize gem adds, and remove the
|
# Remove the rel attribute that the sanitize gem adds, and remove the
|
||||||
# href attribute if it contains inline javascript
|
# href attribute if it contains inline javascript
|
||||||
|
|
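Review bot: On the changed line `whitelist[:attributes][:all].push('class', 'id')`, `whitelist` is only a reference to `HTML::Pipeline::SanitizationFilter::WHITELIST`, so the `push` mutates the library's shared constant in place instead of a local copy. Every other user of that filter in the process inherits the extra attributes, and if this code runs more than once the same entries are appended again each time. Suggest building a copy first (duplicating the hash and the nested `:attributes` and `:all` structures) and pushing onto that. Dropping `'style'` is the right direction, but `class` and `id` stay allowed on every element, so user-supplied markup can still pick up the application's own CSS classes or reuse ids already present on the page. It would be worth checking whether both are needed on all tags. The visible diff also has no spec asserting that a `style` attribute in Markdown input is absent from the rendered output; adding one would keep the attribute from being re-added to this list unnoticed.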