Customize the sanitization whitelist only once

Fixes #1651

lib/gitlab/markdown/sanitization_filter.rb

@@ -8,28 +8,33 @@ module Gitlab
     # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
     class SanitizationFilter < HTML::Pipeline::SanitizationFilter
       def whitelist
-        whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
-        # Allow code highlighting
-        whitelist[:attributes]['pre'] = %w(class)
-        whitelist[:attributes]['span'] = %w(class)
-        # Allow table alignment
-        whitelist[:attributes]['th'] = %w(style)
-        whitelist[:attributes]['td'] = %w(style)
-        # Allow span elements
-        whitelist[:elements].push('span')
-        # Remove `rel` attribute from `a` elements
-        whitelist[:transformers].push(remove_rel)
-        # Remove `class` attribute from non-highlight spans
-        whitelist[:transformers].push(clean_spans)
+        whitelist = super
+        # Only push these customizations once
+        unless customized?(whitelist[:transformers])
+          # Allow code highlighting
+          whitelist[:attributes]['pre'] = %w(class)
+          whitelist[:attributes]['span'] = %w(class)
+          # Allow table alignment
+          whitelist[:attributes]['th'] = %w(style)
+          whitelist[:attributes]['td'] = %w(style)
+          # Allow span elements
+          whitelist[:elements].push('span')
+          # Remove `rel` attribute from `a` elements
+          whitelist[:transformers].push(remove_rel)
+          # Remove `class` attribute from non-highlight spans
+          whitelist[:transformers].push(clean_spans)
+        end
         whitelist
       end
+      private
+
       def remove_rel
         lambda do |env|
           if env[:node_name] == 'a'
@@ -48,6 +53,10 @@ module Gitlab
           end
         end
       end
+
+      def customized?(transformers)
+        transformers.last.source_location[0] == __FILE__
+      end
     end
   end
 end