From 48ce1e45b877fc34308ff5852252d53fab8c5e29 Mon Sep 17 00:00:00 2001
From: Charmander <campersander@gmail.com>
Date: Wed, 12 Feb 2014 18:23:54 -0800
Subject: Added incomplete class filter.

---
 lib/redmine/wiki_formatting/markdown/formatter.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/redmine/wiki_formatting/markdown/formatter.rb b/lib/redmine/wiki_formatting/markdown/formatter.rb
index e78d867..22d7a91 100644
--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 
 require 'cgi'
+require 'set'
 require 'loofah'
 
 module Redmine
@@ -59,7 +60,7 @@ module Redmine
             "#{$1}:\"#{$2}\""
           end
           # return scrubbed HTML
-          Loofah.fragment(html).scrub!(:strip).to_s
+          Loofah.fragment(html).scrub!(:strip).scrub!(@@class_scrubber).to_s
         end
 
         def get_section(index)
@@ -118,6 +119,16 @@ module Redmine
 
         private
 
+        @@allowed_classes = Set['external', 'syntaxhl', 'ruby', 'keyword']
+
+        @@class_scrubber = Loofah::Scrubber.new do |node|
+          class_ = node['class']
+
+          if class_
+            node['class'] = (Set.new(class_.split(/[ \t\n\f\r]/)) & @@allowed_classes).to_a.join ' '
+          end
+        end
+
         def formatter
           @@formatter ||= Redcarpet::Markdown.new(
             Redmine::WikiFormatting::Markdown::HTML.new(
-- 
1.8.5.4