author | Robert Speicher <robert@gitlab.com> | 2017-02-09 20:30:06 +0300 |
---|---|---|
committer | Ruben Davila <rdavila84@gmail.com> | 2017-02-14 02:13:27 +0300 |
commit | 54cc003b01cb8bebc3ee430a0eff1dfdff938579 (patch) | |
tree | c67821dcd53a70689ac18d34fc3701790ea0193b /lib/gitlab | |
parent | d1d3db08b50d7af69b2fd197f0002cdf9600481d (diff) |
Merge branch 'fix-rdoc-xss' into 'security'
Fix XSS in rdoc and other markups
See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2058
Diffstat (limited to 'lib/gitlab')
-rw-r--r-- | lib/gitlab/other_markup.rb | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab/other_markup.rb b/lib/gitlab/other_markup.rb
index 4e2f8ed5587..e67acf28c94 100644
--- a/lib/gitlab/other_markup.rb
+++ b/lib/gitlab/other_markup.rb
@@ -17,6 +17,9 @@ module Gitlab
 html = Banzai.post_process(html, context)
+ filter = Banzai::Filter::SanitizationFilter.new(html)
+ html = filter.call.to_s
+
 html.html_safe
 end
 end |
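Review bot: The sanitizer runs after `Banzai.post_process`, so post-processing still operates on unsanitized markup, and the sanitizer may afterwards strip anything post-processing added that it does not allow. Neither filter's internals are visible in this hunk, so please confirm the ordering is intentional. Because `html.html_safe` on the following line tells Rails to skip escaping, the sanitizer call is the only visible guard on this path. It deserves a why-comment so a later refactor does not drop or reorder it, for example `# Sanitize before html_safe: output of the markup renderer is treated as untrusted`. The enclosing method starts above the hunk, so where `html` originates cannot be checked from here. A regression spec that asserts script and event-handler markup is removed from rendered output would pin the behaviour, if one is not already included outside this path-limited diffstat.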