Commit graph

7 commits

Author SHA1 Message Date
Stan Hu
f93b2e02a5 Run rubocop -a on CE files 2019-05-05 03:24:28 -07:00
gfyoung
f93f8f569d Enable even more frozen string for lib/gitlab
Enables frozen string for the following:

* lib/gitlab/patch/**/*.rb
* lib/gitlab/popen/**/*.rb
* lib/gitlab/profiler/**/*.rb
* lib/gitlab/project_authorizations/**/*.rb
* lib/gitlab/prometheus/**/*.rb
* lib/gitlab/query_limiting/**/*.rb
* lib/gitlab/quick_actions/**/*.rb
* lib/gitlab/redis/**/*.rb
* lib/gitlab/request_profiler/**/*.rb
* lib/gitlab/search/**/*.rb
* lib/gitlab/sherlock/**/*.rb
* lib/gitlab/sidekiq_middleware/**/*.rb
* lib/gitlab/slash_commands/**/*.rb
* lib/gitlab/sql/**/*.rb
* lib/gitlab/template/**/*.rb
* lib/gitlab/testing/**/*.rb
* lib/gitlab/utils/**/*.rb
* lib/gitlab/webpack/**/*.rb

Partially addresses gitlab-org/gitlab-ce#47424.
2018-11-19 18:24:22 -08:00
Gabriel Mazetto
a9eaa20dcb Refactored SVG sanitizer 2016-06-12 21:05:58 -04:00
Gabriel Mazetto
13791c6704 Refactor SVG sanitizer and prevent xlink:href to refer to external resources 2016-06-12 21:05:58 -04:00
Gabriel Mazetto
02b882418a Fix SVG whitelisting to allow namespaced attributes 2016-06-12 21:05:57 -04:00
Stan Hu
e9ecbd3d4e Fix warning messages with SVG ALLOWED_ELEMENTS
Eliminates "warning: already initialized constant Gitlab::Sanitizers::SVG::ALLOWED_ELEMENTS"
2016-05-19 01:35:04 -05:00
Stan Hu
21d89d0286 Update SVG sanitizer to conform to SVG 1.1
Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate
to handle case-sensitive SVG attributes. sanitize parses documents as HTML
instead of XML, which causes all SVG attribute names (e.g. viewBox) to be downcased.

* SVG element list: https://www.w3.org/TR/SVG/eltindex.html
* SVG attribute list: https://www.w3.org/TR/SVG/attindex.html

Closes #14555
2016-05-06 23:20:24 -07:00