Commit a7afc063 authored by Vinnie Okada
Fix SanitizationFilter bugs

Return a `SafeBuffer` instead of a `String` from the `#gfm_with_options`
method so that Rails doesn't escape our markup.

Also add `<span>` to the sanitization whitelist to avoid breaking syntax
highlighting in code blocks.
parent f5e65e2e
@@ -89,6 +89,7 @@ module Gitlab
   
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
whitelist[:attributes][:all].push('class', 'id') whitelist[:attributes][:all].push('class', 'id')
whitelist[:elements].push('span')
   
# Remove the rel attribute that the sanitize gem adds, and remove the # Remove the rel attribute that the sanitize gem adds, and remove the
# href attribute if it contains inline javascript # href attribute if it contains inline javascript
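Review bot: `whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST` followed by `whitelist[:attributes][:all].push('class', 'id')` and the new `whitelist[:elements].push('span')` mutate the gem's shared constant in place rather than a copy, so every call appends to the same hash (duplicate entries on each render) and every other consumer of `WHITELIST` in the process silently inherits the widened policy. Take a deep copy first (`HTML::Pipeline::SanitizationFilter::WHITELIST.deep_dup` under Rails) and mutate that. Allowing `id` on every element via `:all` is also broader than the syntax-highlighting use case needs and lets user-supplied markup plant arbitrary ids that page scripts may look up; consider scoping `class`/`id` to the elements that need them (e.g. `whitelist[:attributes]['span']`, `['code']`, `['pre']`) instead of `:all`.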
@@ -123,7 +124,7 @@ module Gitlab
text = parse_tasks(text) text = parse_tasks(text)
end end
   
text text.html_safe
end end
   
private private
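Review bot: returning `text.html_safe` declares the whole string trusted, but the sanitization filter only vouches for what it produced; `text = parse_tasks(text)` runs conditionally just above this line, and if it injects markup after the sanitizer has run, that markup now also bypasses Rails' output escaping. Either confirm that `parse_tasks` emits only fixed, non-user-controlled markup and note that in a comment, or make the sanitizer the last transformation before `html_safe`. A spec such as `expect(gfm_with_options('<script>alert(1)</script>')).not_to include('<script')` would pin the contract this change relies on.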