author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 21:42:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-08-20 21:42:06 +0300 |
commit | 6e4e1050d9dba2b7b2523fdd1768823ab85feef4 (patch) | |
tree | 78be5963ec075d80116a932011d695dd33910b4e /app/assets/javascripts/notebook | |
parent | 1ce776de4ae122aba3f349c02c17cebeaa8ecf07 (diff) |
Add latest changes from gitlab-org/gitlab@13-3-stable-ee
Diffstat (limited to 'app/assets/javascripts/notebook')
-rw-r--r-- | app/assets/javascripts/notebook/cells/markdown.vue | 81 | ||||
-rw-r--r-- | app/assets/javascripts/notebook/cells/output/html.vue | 7 |
2 files changed, 39 insertions, 49 deletions
diff --git a/app/assets/javascripts/notebook/cells/markdown.vue b/app/assets/javascripts/notebook/cells/markdown.vue
index fcb09ea90db..fa1afdcd16f 100644
--- a/app/assets/javascripts/notebook/cells/markdown.vue
+++ b/app/assets/javascripts/notebook/cells/markdown.vue
@@ -1,6 +1,6 @@
 <script>
 import marked from 'marked';
-import sanitize from 'sanitize-html';
+import { sanitize } from 'dompurify';
 import katex from 'katex';
 import Prompt from './prompt.vue';
@@ -104,65 +104,58 @@ export default {
 return sanitize(marked(this.cell.source.join('').replace(/\\/g, '\\\\')), {
 // allowedTags from GitLab's inline HTML guidelines
 // https://docs.gitlab.com/ee/user/markdown.html#inline-html
- allowedTags: [
+ ALLOWED_TAGS: [
+ 'a',
+ 'abbr',
+ 'b',
+ 'blockquote',
+ 'br',
+ 'code',
+ 'dd',
+ 'del',
+ 'div',
+ 'dl',
+ 'dt',
+ 'em',
 'h1',
 'h2',
 'h3',
 'h4',
 'h5',
 'h6',
- 'h7',
- 'h8',
- 'br',
- 'b',
+ 'hr',
 'i',
- 'strong',
- 'em',
- 'a',
- 'pre',
- 'code',
 'img',
- 'tt',
- 'div',
 'ins',
- 'del',
- 'sup',
- 'sub',
- 'p',
- 'ol',
- 'ul',
- 'table',
- 'thead',
- 'tbody',
- 'tfoot',
- 'blockquote',
- 'dl',
- 'dt',
- 'dd',
 'kbd',
+ 'li',
+ 'ol',
+ 'p',
+ 'pre',
 'q',
- 'samp',
- 'var',
- 'hr',
- 'ruby',
- 'rt',
 'rp',
- 'li',
- 'tr',
- 'td',
- 'th',
+ 'rt',
+ 'ruby',
 's',
- 'strike',
+ 'samp',
 'span',
- 'abbr',
- 'abbr',
+ 'strike',
+ 'strong',
+ 'sub',
 'summary',
+ 'sup',
+ 'table',
+ 'tbody',
+ 'td',
+ 'tfoot',
+ 'th',
+ 'thead',
+ 'tr',
+ 'tt',
+ 'ul',
+ 'var',
 ],
- allowedAttributes: {
- '*': ['class', 'style'],
- a: ['href'],
- img: ['src'],
- },
+ ALLOWED_ATTR: ['class', 'style', 'href', 'src'],
 });
 },
 },
diff --git a/app/assets/javascripts/notebook/cells/output/html.vue b/app/assets/javascripts/notebook/cells/output/html.vue
index 8dc2d73af9b..b36761993ea 100644
--- a/app/assets/javascripts/notebook/cells/output/html.vue
+++ b/app/assets/javascripts/notebook/cells/output/html.vue
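Review bot: In the markdown.vue hunk at -104, DOMPurify's `ALLOWED_ATTR` does not close the attribute set the way sanitize-html's `allowedAttributes` did: `data-*` and `aria-*` attributes are accepted by default on top of the listed names, so markdown cells can now keep data attributes that the previous config stripped. If any script on the page acts on data attributes of rendered content, that widens what untrusted notebook source can influence; adding `ALLOW_DATA_ATTR: false,` next to `ALLOWED_ATTR` restores the earlier behaviour. The list is also global rather than per tag, so `href` and `src` are no longer limited to `a` and `img`, and `style` still passes through unfiltered on every allowed tag. The comment above the list still says `allowedTags` although the key is now `ALLOWED_TAGS`. The enclosing computed property starts above the hunk, so what happens to the sanitized string afterwards is not visible here.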
@@ -1,5 +1,5 @@
 <script>
-import sanitize from 'sanitize-html';
+import { sanitize } from 'dompurify';
 import Prompt from '../prompt.vue';
 export default {
@@ -23,10 +23,7 @@ export default {
 computed: {
 sanitizedOutput() {
 return sanitize(this.rawCode, {
- allowedTags: sanitize.defaults.allowedTags.concat(['img', 'svg']),
- allowedAttributes: {
- img: ['src'],
- },
+ ALLOWED_ATTR: ['src'],
 });
 },
 showOutput() { |
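Review bot: The new `sanitize(this.rawCode, { ALLOWED_ATTR: ['src'] })` call in `sanitizedOutput` no longer names the permitted tags, so DOMPurify's default tag allow-list now governs notebook HTML output instead of sanitize-html's defaults plus `img` and `svg`. As far as I know that default set is considerably wider and includes form controls and `<style>`, which would let untrusted cell output render input fields or page-wide CSS. An explicit `ALLOWED_TAGS` list, or at least `FORBID_TAGS: ['style', 'form', 'input', 'button'],`, would keep the rendered surface close to what it was before the library switch. `data-*` and `aria-*` attributes also pass by default alongside `ALLOWED_ATTR`; `ALLOW_DATA_ATTR: false,` closes that if the old img-only `src` rule was meant to be exhaustive.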