Make Pipelines responsible for defining their custom whitelist

This allows for future pipelines to more easily define a custom
whitelist.

lib/banzai/filter/sanitization_filter.rb

@@ -8,14 +8,7 @@ module Banzai
     # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
     class SanitizationFilter < HTML::Pipeline::SanitizationFilter
       def whitelist
-        # Descriptions are more heavily sanitized, allowing only a few elements.
-        # See http://git.io/vkuAN
-        if context[:inline_sanitization]
-          whitelist = LIMITED
-          whitelist[:elements] -= %w(pre code img ol ul li)
-        else
-          whitelist = super
-        end
+        whitelist = super
         customize_whitelist(whitelist)

lib/banzai/pipeline/description_pipeline.rb

@@ -4,9 +4,20 @@ module Banzai
       def self.transform_context(context)
         super(context).merge(
           # SanitizationFilter
-          inline_sanitization: true
+          whitelist: whitelist
         )
       end
+
+      private
+
+      def self.whitelist
+        # Descriptions are more heavily sanitized, allowing only a few elements.
+        # See http://git.io/vkuAN
+        whitelist = Banzai::Filter::SanitizationFilter::LIMITED
+        whitelist[:elements] -= %w(pre code img ol ul li)
+
+        whitelist
+      end
     end
   end
 end

spec/lib/banzai/filter/sanitization_filter_spec.rb

@@ -177,26 +177,4 @@ describe Banzai::Filter::SanitizationFilter, lib: true do
       expect(act.to_html).to eq exp
     end
   end
-
-  context 'when inline_sanitization is true' do
-    it 'uses a stricter whitelist' do
-      doc = filter('<h1>Description</h1>', inline_sanitization: true)
-      expect(doc.to_html.strip).to eq 'Description'
-    end
-
-    %w(pre code img ol ul li).each do |elem|
-      it "removes '#{elem}' elements" do
-        act = "<#{elem}>Description</#{elem}>"
-        expect(filter(act, inline_sanitization: true).to_html.strip).
-          to eq 'Description'
-      end
-    end
-
-    %w(b i strong em a ins del sup sub p).each do |elem|
-      it "still allows '#{elem}' elements" do
-        exp = act = "<#{elem}>Description</#{elem}>"
-        expect(filter(act, inline_sanitization: true).to_html).to eq exp
-      end
-    end
-  end
 end

spec/lib/banzai/pipeline/description_pipeline_spec.rb

+require 'rails_helper'
+
+describe Banzai::Pipeline::DescriptionPipeline do
+  def parse(html)
+    # When we pass HTML to Redcarpet, it gets wrapped in `p` tags...
+    # ...except when we pass it pre-wrapped text. Rabble rabble.
+    unwrap = !html.start_with?('<p>')
+
+    output = described_class.to_html(html, project: spy)
+
+    output.gsub!(%r{\A<p>(.*)</p>(.*)\z}, '\1\2') if unwrap
+
+    output
+  end
+
+  it 'uses a limited whitelist' do
+    doc = parse('# Description')
+
+    expect(doc.strip).to eq 'Description'
+  end
+
+  %w(pre code img ol ul li).each do |elem|
+    it "removes '#{elem}' elements" do
+      act = "<#{elem}>Description</#{elem}>"
+
+      expect(parse(act).strip).to eq 'Description'
+    end
+  end
+
+  %w(b i strong em a ins del sup sub p).each do |elem|
+    it "still allows '#{elem}' elements" do
+      exp = act = "<#{elem}>Description</#{elem}>"
+
+      expect(parse(act).strip).to eq exp
+    end
+  end
+end