Merge branch '26790-label-color-todos' into 'master'

#26790 whitelist style attribute in event_note Closes #26790 See merge request !9155
author: Douwe Maan <douwe@gitlab.com> 2017-03-07 17:41:09 +0300
committer: Douwe Maan <douwe@gitlab.com> 2017-03-07 17:41:09 +0300
commit: f636854c9065a5048e5fff4a9f5176a01f47a58f (patch)
tree: c0d71f855b11153ec0bfd07dd51ba3dc86b8a269 /app/helpers
parent: b0668616038bbaccf5126023b16fe99b89006ee1 (diff)
parent: 9bcd05401d7de5620a241b3bf431f589f74ee6a5 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb
index 362046c0270..5605393c0c3 100644
--- a/app/helpers/events_helper.rb
+++ b/app/helpers/events_helper.rb
@@ -162,7 +162,12 @@ module EventsHelper
 
   def event_note(text, options = {})
     text = first_line_in_markdown(text, 150, options)
-    sanitize(text, tags: %w(a img b pre code p span))
+
+    sanitize(
+      text,
+      tags: %w(a img b pre code p span),
+      attributes: Rails::Html::WhiteListSanitizer.allowed_attributes + ['style']
+    )
   end
 
   def event_commit_title(message)
author	Douwe Maan <douwe@gitlab.com>	2017-03-07 17:41:09 +0300
committer	Douwe Maan <douwe@gitlab.com>	2017-03-07 17:41:09 +0300
commit	f636854c9065a5048e5fff4a9f5176a01f47a58f (patch)
tree	c0d71f855b11153ec0bfd07dd51ba3dc86b8a269 /app/helpers
parent	b0668616038bbaccf5126023b16fe99b89006ee1 (diff)
parent	9bcd05401d7de5620a241b3bf431f589f74ee6a5 (diff)