Commit cc29ce49 authored by Vinnie Okada's avatar Vinnie Okada

Don't allow style attributes in inline HTML

parent 52bf95ae
Please view this file on the master branch, on stable branches it's out of date.
v 7.10.0 (unreleased)
- Allow HTML tags in Markdown input
v 7.9.0 (unreleased)
- Add HipChat integration documentation (Stan Hu)
......@@ -88,7 +88,7 @@ module Gitlab
whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST
whitelist[:attributes][:all].push('class', 'id', 'style')
whitelist[:attributes][:all].push('class', 'id')
# Remove the rel attribute that the sanitize gem adds, and remove the
# href attribute if it contains inline javascript
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment