From 9b09856e7b853146ac4ff03d388f7063e6f0efbd Mon Sep 17 00:00:00 2001
From: Douwe Maan
Date: Wed, 30 Aug 2017 17:34:34 +0000
Subject: Merge branch 'rs-issue-36104' into 'security-9-5'
[9.5] Disallow the `name` attribute on all user-provided markup
See merge request gitlab/gitlabhq!2166
---
lib/banzai/filter/sanitization_filter.rb | 3 +++
1 file changed, 3 insertions(+)
(limited to 'lib/banzai')
diff --git a/lib/banzai/filter/sanitization_filter.rb b/lib/banzai/filter/sanitization_filter.rb
index 768baa4e227..9923ec4e870 100644
--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -45,6 +45,9 @@ module Banzai
 whitelist[:elements].push('abbr')
 whitelist[:attributes]['abbr'] = %w(title)
+ # Disallow `name` attribute globally
+ whitelist[:attributes][:all].delete('name')
+
 # Allow any protocol in `a` elements...
 whitelist[:protocols].delete('a')
--
cgit v1.2.3
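Review bot: The added `whitelist[:attributes][:all].delete('name')` only removes `name` from the global attribute list, so it is "global" only as long as no element-specific list (`whitelist[:attributes]['a']`, `['form']`, and so on, set elsewhere in this method or by a later filter) re-allows it; a short check of the other per-element entries, or a spec asserting that `<a name="x">` renders without the attribute, would make the guarantee hold up. The new comment also gives no reason, which is the part a future maintainer will need before loosening it again; I would write `# Disallow \`name\` globally: a user-chosen \`name\` on a rendered element can shadow document/window properties (DOM clobbering)`. It is not visible from the hunk whether `whitelist` here is a per-call copy or the shared html-pipeline default, so confirm that `delete` is not mutating a constant shared with other pipelines. The enclosing method starts and ends outside the hunk.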