Update SVG sanitizer to conform to SVG 1.1
Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate to handle case-sensitive SVG attributes. sanitize parses documents as HTML instead of XML, which causes all SVG attribute names (e.g. viewBox) to be downcased.

* SVG element list: https://www.w3.org/TR/SVG/eltindex.html
* SVG attribute list: https://www.w3.org/TR/SVG/attindex.html

Closes #14555
Showing
- CHANGELOG: 1 addition, 0 deletions
- app/helpers/blob_helper.rb: 1 addition, 1 deletion
- lib/gitlab/sanitizers/svg.rb: 37 additions, 0 deletions
- lib/gitlab/sanitizers/svg/whitelist.rb: 107 additions, 0 deletions
- spec/fixtures/sanitized.svg: 50 additions, 0 deletions
- spec/fixtures/unsanitized.svg: 50 additions, 0 deletions
- spec/helpers/blob_helper_spec.rb: 12 additions, 0 deletions