Add whitelisted elements correctly in sanitization

Consider this command:

    bundle exec rails r "include GitlabMarkdownHelper
    puts markdown('<span>this is a span</span>', pipeline: :description)
    puts markdown('<span>this is a span</span>')"

And the same in the opposite order:

    bundle exec rails r "include GitlabMarkdownHelper
    puts markdown('<span>this is a span</span>')
    puts markdown('<span>this is a span</span>', pipeline: :description)"

Before this change, they would both output:

    <p><span>this is a span</span></p>
    <p>this is a span</p>

That's because span is added to the list of whitelisted elements in the SanitizationFilter, but this method tries not to make the same changes multiple times. Unfortunately, HTML::Pipeline::SanitizationFilter::LIMITED, which is used by the DescriptionPipeline, uses the same Ruby objects for all of its hash values except :elements.

That means that whichever of DescriptionPipeline and GfmPipeline is called first would have span in its whitelisted elements, and the second wouldn't.

Fix this by adding a special check for modifying :elements twice, then checking :transformers as before.
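
The shared-object behaviour described above can be reproduced without Rails. The following is an added example, not GitLab's or html-pipeline's code: the whitelist contents, `MARKER`, and every method name are constructed stand-ins, and only the sharing of `:transformers` between the two hashes follows the description.

```ruby
# Constructed model: two whitelists with separate :elements arrays that share
# one :transformers array, as the message describes for LIMITED.
def fresh_whitelists
  full = { elements: %w[p a img table], transformers: [] }
  # Hash#merge copies the hash, not its values: only :elements is a new array.
  limited = full.merge(elements: full[:elements] - %w[img table])
  { full: full, limited: limited }
end

# Hypothetical stand-in for a transformer that the customization pushes.
MARKER = ->(_env) {}

# Before: a single "already customized?" check on the shared :transformers
# guards both changes, so the second whitelist never receives 'span'.
def customize_before(whitelist)
  return whitelist if whitelist[:transformers].include?(MARKER)

  whitelist[:elements].push('span')
  whitelist[:transformers].push(MARKER)
  whitelist
end

# After: :elements gets its own check, then :transformers is checked as before.
def customize_after(whitelist)
  whitelist[:elements].push('span') unless whitelist[:elements].include?('span')
  return whitelist if whitelist[:transformers].include?(MARKER)

  whitelist[:transformers].push(MARKER)
  whitelist
end

# Customize both whitelists in the given order and report which allow <span>.
def span_allowed(customizer, order)
  lists = fresh_whitelists
  order.to_h { |name| [name, send(customizer, lists[name])[:elements].include?('span')] }
end

if __FILE__ == $PROGRAM_NAME
  [%i[limited full], %i[full limited]].each do |order|
    puts "before #{order.inspect}: #{span_allowed(:customize_before, order)}"
    puts "after  #{order.inspect}: #{span_allowed(:customize_after, order)}"
  end
end
```

A regression test for this class of bug should run the pipelines in both orders within one process, since each order passes when its first pipeline is checked alone.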