Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
6435f78a
Commit
6435f78a
authored
Jan 22, 2016
by
Benedict Etzel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Whitelist raw "abbr" elements when parsing Markdown
Closes #12517
parent
dc78ee4e
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
10 additions
and
0 deletions
+10
-0
CHANGELOG
CHANGELOG
+1
-0
lib/banzai/filter/sanitization_filter.rb
lib/banzai/filter/sanitization_filter.rb
+4
-0
spec/lib/banzai/filter/sanitization_filter_spec.rb
spec/lib/banzai/filter/sanitization_filter_spec.rb
+5
-0
No files found.
CHANGELOG
View file @
6435f78a
...
@@ -6,6 +6,7 @@ v 8.5.0 (unreleased)
...
@@ -6,6 +6,7 @@ v 8.5.0 (unreleased)
- Upgrade gitlab_git to 7.2.23 to fix commit message mentions in first branch push
- Upgrade gitlab_git to 7.2.23 to fix commit message mentions in first branch push
- New UI for pagination
- New UI for pagination
- Fix diff comments loaded by AJAX to load comment with diff in discussion tab
- Fix diff comments loaded by AJAX to load comment with diff in discussion tab
- Whitelist raw "abbr" elements when parsing Markdown (Benedict Etzel)
v 8.4.0
v 8.4.0
- Allow LDAP users to change their email if it was not set by the LDAP server
- Allow LDAP users to change their email if it was not set by the LDAP server
...
...
lib/banzai/filter/sanitization_filter.rb
View file @
6435f78a
...
@@ -43,6 +43,10 @@ module Banzai
...
@@ -43,6 +43,10 @@ module Banzai
# Allow span elements
# Allow span elements
whitelist
[
:elements
].
push
(
'span'
)
whitelist
[
:elements
].
push
(
'span'
)
# Allow abbr elements with title attribute
whitelist
[
:elements
].
push
(
'abbr'
)
whitelist
[
:attributes
][
'abbr'
]
=
%w(title)
# Allow any protocol in `a` elements...
# Allow any protocol in `a` elements...
whitelist
[
:protocols
].
delete
(
'a'
)
whitelist
[
:protocols
].
delete
(
'a'
)
...
...
spec/lib/banzai/filter/sanitization_filter_spec.rb
View file @
6435f78a
...
@@ -75,6 +75,11 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
...
@@ -75,6 +75,11 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
expect
(
filter
(
act
).
to_html
).
to
eq
exp
expect
(
filter
(
act
).
to_html
).
to
eq
exp
end
end
it
'allows `abbr` elements'
do
exp
=
act
=
%q{<abbr title="HyperText Markup Language">HTML</abbr>}
expect
(
filter
(
act
).
to_html
).
to
eq
exp
end
it
'removes `rel` attribute from `a` elements'
do
it
'removes `rel` attribute from `a` elements'
do
act
=
%q{<a href="#" rel="nofollow">Link</a>}
act
=
%q{<a href="#" rel="nofollow">Link</a>}
exp
=
%q{<a href="#">Link</a>}
exp
=
%q{<a href="#">Link</a>}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment