Add a `pipeline` context option for SanitizationFilter

When this option is `:description`, we use a more restrictive whitelist. This is used for Project and Group description fields.
author: Robert Speicher <rspeicher@gmail.com> 2015-05-30 02:01:12 +0300
committer: Robert Speicher <rspeicher@gmail.com> 2015-06-02 20:04:10 +0300
commit: 023dd2907b4afa0bae5f8482cae75e1edd6954a8 (patch)
tree: 930783eafc875c69ebab009f6f0188ff58092bf1 /spec
parent: 1a52f19c456dfa307dd7fa0e5adbaa2ed1a68889 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/lib/gitlab/markdown/sanitization_filter_spec.rb b/spec/lib/gitlab/markdown/sanitization_filter_spec.rb
index 4a1aa766149..80f3d2f2634 100644
--- a/spec/lib/gitlab/markdown/sanitization_filter_spec.rb
+++ b/spec/lib/gitlab/markdown/sanitization_filter_spec.rb
@@ -42,6 +42,13 @@ module Gitlab::Markdown
     end
 
     describe 'custom whitelist' do
+      it 'customizes the whitelist only once' do
+        instance = described_class.new('Foo')
+        3.times { instance.whitelist }
+
+        expect(instance.whitelist[:transformers].size).to eq 4
+      end
+
       it 'allows syntax highlighting' do
         exp = act = %q{<pre class="code highlight white c"><code><span class="k">def</span></code></pre>}
         expect(filter(act).to_html).to eq exp
@@ -87,5 +94,12 @@ module Gitlab::Markdown
         expect(doc.at_css('a')['href']).to be_nil
       end
     end
+
+    context 'when pipeline is :description' do
+      it 'uses a stricter whitelist' do
+        doc = filter('<h1>My Project</h1>', pipeline: :description)
+        expect(doc.to_html.strip).to eq 'My Project'
+      end
+    end
   end
 end
author	Robert Speicher <rspeicher@gmail.com>	2015-05-30 02:01:12 +0300
committer	Robert Speicher <rspeicher@gmail.com>	2015-06-02 20:04:10 +0300
commit	023dd2907b4afa0bae5f8482cae75e1edd6954a8 (patch)
tree	930783eafc875c69ebab009f6f0188ff58092bf1 /spec
parent	1a52f19c456dfa307dd7fa0e5adbaa2ed1a68889 (diff)