Patch #16087 » redmine-markdown-scrub-classes.diff
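--- a/lib/redmine/wiki_formatting/markdown/formatter.rb
+++ b/lib/redmine/wiki_formatting/markdown/formatter.rb
@@ -16,6 +16,7 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
 require 'cgi'
+require 'set'
 require 'loofah'
 
 module Redmine
@@ -59,7 +60,7 @@
 "#{$1}:\"#{$2}\""
 end
 # return scrubbed HTML
-Loofah.fragment(html).scrub!(:strip).to_s
+Loofah.fragment(html).scrub!(:strip).scrub!(@@class_scrubber).to_s
 end
 
 def get_section(index)
@@ -118,6 +119,16 @@
 
 private
 
+@@allowed_classes = Set['external', 'syntaxhl', 'ruby', 'keyword']
+
+@@class_scrubber = Loofah::Scrubber.new do |node|
+class_ = node['class']
+
+if class_
+node['class'] = (Set.new(class_.split(/[ \t\n\f\r]/)) & @@allowed_classes).to_a.join ' '
+end
+end
+
 def formatter
 @@formatter ||= Redcarpet::Markdown.new(
 Redmine::WikiFormatting::Markdown::HTML.new(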
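Review bot: The allow-list is held in a mutable class variable, `@@allowed_classes`, so any later code in the class hierarchy can widen what the scrubber lets through; a frozen constant such as `ALLOWED_CLASSES = Set['external', 'syntaxhl', 'ruby', 'keyword'].freeze` keeps the policy fixed and is easier to audit. When none of a node's classes are allowed, the `node['class'] = …` assignment leaves an empty `class=""` attribute behind; calling `node.remove_attribute('class')` in that case gives cleaner output. The entries `'ruby'` and `'keyword'` look like a sample of highlighter output rather than the full set, so other language names and token classes would presumably be stripped from highlighted code blocks; that is worth confirming against what the renderer emits, and a short comment above the set should say where each entry comes from. The enclosing class starts outside the shown hunks, and no test for the new scrubbing behaviour is visible in this patch.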