BigW Consortium Gitlab
Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
G
gitlab-ce
Project
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
Forest Godfrey
gitlab-ce
Commits
640ab307
Commit
640ab307
authored
Sep 23, 2016
by
Yorick Peterse
Browse files
Options
Browse Files
Download
Plain Diff
Merge branch 'fix/memory-leak-sanitization-filter' into 'master'
Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST See merge request !6456
parents
bc132ba3
ca823aba
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
8 additions
and
7 deletions
+8
-7
CHANGELOG
CHANGELOG
+1
-0
sanitization_filter.rb
lib/banzai/filter/sanitization_filter.rb
+7
-7
No files found.
CHANGELOG
View file @
640ab307
...
...
@@ -4,6 +4,7 @@ v 8.13.0 (unreleased)
- Speed-up group milestones show page
v 8.12.1 (unreleased)
- Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
v 8.12.0
- Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251
...
...
lib/banzai/filter/sanitization_filter.rb
View file @
640ab307
...
...
@@ -7,7 +7,7 @@ module Banzai
UNSAFE_PROTOCOLS
=
%w(data javascript vbscript)
.
freeze
def
whitelist
whitelist
=
super
.
dup
whitelist
=
super
customize_whitelist
(
whitelist
)
...
...
@@ -42,20 +42,19 @@ module Banzai
# Allow any protocol in `a` elements...
whitelist
[
:protocols
].
delete
(
'a'
)
whitelist
[
:transformers
]
=
whitelist
[
:transformers
].
dup
# ...but then remove links with unsafe protocols
whitelist
[
:transformers
].
push
(
remove_unsafe_links
)
whitelist
[
:transformers
].
push
(
self
.
class
.
remove_unsafe_links
)
# Remove `rel` attribute from `a` elements
whitelist
[
:transformers
].
push
(
remove_rel
)
whitelist
[
:transformers
].
push
(
self
.
class
.
remove_rel
)
# Remove `class` attribute from non-highlight spans
whitelist
[
:transformers
].
push
(
clean_spans
)
whitelist
[
:transformers
].
push
(
self
.
class
.
clean_spans
)
whitelist
end
class
<<
self
def
remove_unsafe_links
lambda
do
|
env
|
node
=
env
[
:node
]
...
...
@@ -89,7 +88,7 @@ module Banzai
return
unless
node
.
name
==
'span'
return
unless
node
.
has_attribute?
(
'class'
)
unless
has_ancestor?
(
node
,
'pre'
)
unless
node
.
ancestors
.
any?
{
|
n
|
n
.
name
.
casecmp
(
'pre'
).
zero?
}
node
.
remove_attribute
(
'class'
)
end
...
...
@@ -98,4 +97,5 @@ module Banzai
end
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment