Patch #37750

Use existing html pipeline based sanitization for links in custom fields

Added by Jens Krämer 2 months ago. Updated 9 days ago.

Status: Closed
Start date:
Priority: Normal
Due date:
Assignee: Marius BALTEANU
% Done: 0%
Category: Custom fields
Target version: 5.1.0

Description

These patches, extracted from Planio, introduce a standalone HTML sanitizer class (based on the existing code from the common mark formatter) and use it to replace sanitization of links generated by custom fields, including the special class="external" and rel="noopener" treatment for external / target_blank links.

0003-uses-the-new-html-sanitizer-for-links-rendered-by-cu.patch (11.2 KB) Jens Krämer, 2022-10-04 13:32

0001-always-bundle-html-pipeline-and-sanitizer-gems.patch (930 Bytes) Jens Krämer, 2022-10-04 13:32

0002-introduces-a-standalone-html-sanitizer-class.patch (3.15 KB) Jens Krämer, 2022-10-04 13:32

Associated revisions

Revision 21899
Added by Marius BALTEANU 2 months ago

Always bundle html-pipeline and sanitizer gems (#37750).

Patch by Jens Krämer.

Revision 21900
Added by Marius BALTEANU 2 months ago

Introduces a standalone html sanitizer class (#37750).

Patch by Jens Krämer.

Revision 21901
Added by Marius BALTEANU 2 months ago

Uses the new html sanitizer for links rendered by custom fields (#37750).

Patch by Jens Krämer.

Revision 21911
Added by Go MAEDA about 1 month ago

Add a copyright header (#37750).

Revision 21912
Added by Go MAEDA about 1 month ago

Fix RuboCop offenses Layout/EmptyLinesAroundModuleBody, Layout/EmptyLinesAroundClassBody, and Layout/TrailingEmptyLines in html_sanitizer.rb (#37750).

Revision 21913
Added by Go MAEDA about 1 month ago

Fix RuboCop offense Layout/FirstArrayElementIndentation in html_sanitizer.rb (#37750).

Revision 21914
Added by Go MAEDA about 1 month ago

Fix RuboCop offenses Layout/EmptyLinesAroundClassBody and Layout/TrailingEmptyLines in html_sanitizer_test.rb (#37750).

History

#1 Updated by Marius BALTEANU 2 months ago

  • Target version set to 5.1.0

#2 Updated by Marius BALTEANU 2 months ago

  • Status changed from New to Resolved
  • Assignee set to Marius BALTEANU

All three patches committed, thanks!

#3 Updated by Marius BALTEANU 2 months ago

  • Subject changed from use existing html pipeline based sanitization for links in custom fields to Use existing html pipeline based sanitization for links in custom fields

#4 Updated by Marius BALTEANU 9 days ago

  • Status changed from Resolved to Closed
