Stan Hu
f93b2e02a5
Run rubocop -a on CE files
2019-05-05 03:24:28 -07:00
gfyoung
f93f8f569d
Enable even more frozen string for lib/gitlab
...
Enables frozen string for the following:
* lib/gitlab/patch/**/*.rb
* lib/gitlab/popen/**/*.rb
* lib/gitlab/profiler/**/*.rb
* lib/gitlab/project_authorizations/**/*.rb
* lib/gitlab/prometheus/**/*.rb
* lib/gitlab/query_limiting/**/*.rb
* lib/gitlab/quick_actions/**/*.rb
* lib/gitlab/redis/**/*.rb
* lib/gitlab/request_profiler/**/*.rb
* lib/gitlab/search/**/*.rb
* lib/gitlab/sherlock/**/*.rb
* lib/gitlab/sidekiq_middleware/**/*.rb
* lib/gitlab/slash_commands/**/*.rb
* lib/gitlab/sql/**/*.rb
* lib/gitlab/template/**/*.rb
* lib/gitlab/testing/**/*.rb
* lib/gitlab/utils/**/*.rb
* lib/gitlab/webpack/**/*.rb
Partially addresses gitlab-org/gitlab-ce#47424 .
2018-11-19 18:24:22 -08:00
Gabriel Mazetto
a9eaa20dcb
Refactored SVG sanitizer
2016-06-12 21:05:58 -04:00
Gabriel Mazetto
13791c6704
Refactor SVG sanitizer and prevent xlink:href
to refer to external resources
2016-06-12 21:05:58 -04:00
Gabriel Mazetto
02b882418a
Fix SVG whitelisting to allow namespaced attributes
2016-06-12 21:05:57 -04:00
Stan Hu
e9ecbd3d4e
Fix warning messages with SVG ALLOWED_ELEMENTS
...
Eliminates "warning: already initialized constant Gitlab::Sanitizers::SVG::ALLOWED_ELEMENTS"
2016-05-19 01:35:04 -05:00
Stan Hu
21d89d0286
Update SVG sanitizer to conform to SVG 1.1
...
Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate
to handle case-sensitive SVG attributes. sanitize parses documents as HTML
instead of XML, which causes all SVG attribute names (e.g. viewBox) to be downcased.
* SVG element list: https://www.w3.org/TR/SVG/eltindex.html
* SVG attribute list: https://www.w3.org/TR/SVG/attindex.html
Closes #14555
2016-05-06 23:20:24 -07:00