Merge branch 'fix-rdoc-xss' into 'security'

Fix XSS in rdoc and other markups See https://dev.gitlab.org/gitlab/gitlabhq/merge_requests/2058
author: Robert Speicher <robert@gitlab.com> 2017-02-09 20:30:06 +0300
committer: Ruben Davila <rdavila84@gmail.com> 2017-02-14 02:13:27 +0300
commit: 54cc003b01cb8bebc3ee430a0eff1dfdff938579 (patch)
tree: c67821dcd53a70689ac18d34fc3701790ea0193b /lib/gitlab
parent: d1d3db08b50d7af69b2fd197f0002cdf9600481d (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gitlab/other_markup.rb b/lib/gitlab/other_markup.rb
index 4e2f8ed5587..e67acf28c94 100644
--- a/lib/gitlab/other_markup.rb
+++ b/lib/gitlab/other_markup.rb
@@ -17,6 +17,9 @@ module Gitlab
 
       html = Banzai.post_process(html, context)
 
+      filter = Banzai::Filter::SanitizationFilter.new(html)
+      html = filter.call.to_s
+
       html.html_safe
     end
   end
author	Robert Speicher <robert@gitlab.com>	2017-02-09 20:30:06 +0300
committer	Ruben Davila <rdavila84@gmail.com>	2017-02-14 02:13:27 +0300
commit	54cc003b01cb8bebc3ee430a0eff1dfdff938579 (patch)
tree	c67821dcd53a70689ac18d34fc3701790ea0193b /lib/gitlab
parent	d1d3db08b50d7af69b2fd197f0002cdf9600481d (diff)