Patch #16087 » redmine-markdown-scrub-classes.diff
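--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require 'cgi'
+require 'set'
 require 'loofah'
 
 module Redmine
@@ -59,7 +60,7 @@
 "#{$1}:\"#{$2}\""
 end
 # return scrubbed HTML
-Loofah.fragment(html).scrub!(:strip).to_s
+Loofah.fragment(html).scrub!(:strip).scrub!(@@class_scrubber).to_s
 end
 
 def get_section(index)
@@ -118,6 +119,16 @@
 
 private
 
+@@allowed_classes = Set['external', 'syntaxhl', 'ruby', 'keyword']
+
+@@class_scrubber = Loofah::Scrubber.new do |node|
+class_ = node['class']
+
+if class_
+node['class'] = (Set.new(class_.split(/[ \t\n\f\r]/)) & @@allowed_classes).to_a.join ' '
+end
+end
+
 def formatter
 @@formatter ||= Redcarpet::Markdown.new(
 Redmine::WikiFormatting::Markdown::HTML.new(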
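Review bot: The allowlist added in the last hunk, `@@allowed_classes = Set['external', 'syntaxhl', 'ruby', 'keyword']`, is a mutable class variable, so code elsewhere in the class hierarchy can alter what the scrubber lets through; a frozen constant such as `ALLOWED_CLASSES = Set['external', 'syntaxhl', 'ruby', 'keyword'].freeze` would pin it. The list names only one language and one token class, so if the highlighter emits other class names (not visible here) that markup loses its styling after scrubbing; a comment saying where the entries come from would help keep the list in sync. When no class survives the intersection the block writes `class=""` rather than dropping the attribute, and calling `node.remove_attribute('class')` in that case gives cleaner output. The enclosing class body starts and ends outside the hunk.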