
Feature #32424 » 0008-Replace-deprecated-Sanitize-keywords-32424.patch

Marius BĂLTEANU, 2021-07-04 12:21


lib/redmine/wiki_formatting/common_mark/sanitization_filter.rb
27 27
          "a" => %w(href).freeze,
28 28
        }.freeze
29 29

  
30
        def whitelist
31
          @@whitelist ||= customize_whitelist(super.deep_dup)
30
        def allowlist
31
          @@allowlist ||= customize_allowlist(super.deep_dup)
32 32
        end
33 33

  
34 34
        private
35 35

  
36
        # customizes the whitelist defined in
36
        # customizes the allowlist defined in
37 37
        # https://github.com/jch/html-pipeline/blob/master/lib/html/pipeline/sanitization_filter.rb
38
        def customize_whitelist(whitelist)
38
        def customize_allowlist(allowlist)
39 39
          # Disallow `name` attribute globally, allow on `a`
40
          whitelist[:attributes][:all].delete("name")
41
          whitelist[:attributes]["a"].push("name")
40
          allowlist[:attributes][:all].delete("name")
41
          allowlist[:attributes]["a"].push("name")
42 42

  
43 43
          # allow class on code tags (this holds the language info from fenced
44 44
          # code bocks and has the format language-foo)
45
          whitelist[:attributes]["code"] = %w(class)
46
          whitelist[:transformers].push lambda{|env|
45
          allowlist[:attributes]["code"] = %w(class)
46
          allowlist[:transformers].push lambda{|env|
47 47
            node = env[:node]
48 48
            return unless node.name == "code"
49 49
            return unless node.has_attribute?("class")
......
59 59
          # commonmarker option (which we do not, currently).
60 60
          # By default, the align attribute is used (which is allowed on all
61 61
          # elements).
62
          # whitelist[:attributes]["th"] = %w(style)
63
          # whitelist[:attributes]["td"] = %w(style)
64
          # whitelist[:css] = { properties: ["text-align"] }
62
          # allowlist[:attributes]["th"] = %w(style)
63
          # allowlist[:attributes]["td"] = %w(style)
64
          # allowlist[:css] = { properties: ["text-align"] }
65 65

  
66 66
          # Allow `id` in a and li elements for footnotes
67 67
          # and remove any `id` properties not matching for footnotes
68
          whitelist[:attributes]["a"].push "id"
69
          whitelist[:attributes]["li"] = %w(id)
70
          whitelist[:transformers].push lambda{|env|
68
          allowlist[:attributes]["a"].push "id"
69
          allowlist[:attributes]["li"] = %w(id)
70
          allowlist[:transformers].push lambda{|env|
71 71
            node = env[:node]
72 72
            return unless node.name == "a" || node.name == "li"
73 73
            return unless node.has_attribute?("id")
......
78 78
          }
79 79

  
80 80
          # https://github.com/rgrove/sanitize/issues/209
81
          whitelist[:protocols].delete("a")
82
          whitelist[:transformers].push lambda{|env|
81
          allowlist[:protocols].delete("a")
82
          allowlist[:transformers].push lambda{|env|
83 83
            node = env[:node]
84 84
            return if node.type != Nokogiri::XML::Node::ELEMENT_NODE
85 85

  
......
96 96
            end
97 97
          }
98 98

  
99
          whitelist
99
          allowlist
100 100
        end
101 101
      end
102 102
    end
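Review bot: The renamed override `def allowlist` at gutter line 30 still calls `super`, so it only works if the html-pipeline version the project pins actually defines `allowlist` rather than just `whitelist`; the patch should land together with (or after) the dependency bump that introduces the new name, otherwise `super` raises NoMethodError the first time the filter runs and the memoized `@@allowlist` is never populated. I cannot see the Gemfile from this page, so please confirm the version floor. A one-line comment above the method would help the next maintainer, e.g. `# Overrides HTML::Pipeline::SanitizationFilter#allowlist (renamed from whitelist upstream)`. The class and module enclosing this method start before the first hunk shown here.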