Commit e9ecbd3d authored by Stan Hu's avatar Stan Hu

Fix warning messages with SVG ALLOWED_ELEMENTS

Eliminates "warning: already initialized constant Gitlab::Sanitizers::SVG::ALLOWED_ELEMENTS"
parent 4607323e
require_relative "svg/whitelist"
module Gitlab
module Sanitizers
module SVG
......@@ -12,14 +10,14 @@ module Gitlab
DATA_ATTR_PATTERN = /\Adata-(?!xml)[a-z_][\w.\u00E0-\u00F6\u00F8-\u017F\u01DD-\u02AF-]*\z/u
def scrub(node)
unless ALLOWED_ELEMENTS.include?(node.name)
unless Whitelist::ALLOWED_ELEMENTS.include?(node.name)
node.unlink
else
node.attributes.each do |attr_name, attr|
valid_attributes = ALLOWED_ATTRIBUTES[node.name]
valid_attributes = Whitelist::ALLOWED_ATTRIBUTES[node.name]
unless valid_attributes && valid_attributes.include?(attr_name)
if ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS.include?(node.name) &&
if Whitelist::ALLOWED_DATA_ATTRIBUTES_IN_ELEMENTS.include?(node.name) &&
attr_name.start_with?('data-')
# Arbitrary data attributes are allowed. Verify that the attribute
# is a valid data attribute.
......
......@@ -4,6 +4,7 @@
module Gitlab
module Sanitizers
module SVG
class Whitelist
ALLOWED_ELEMENTS = %w[
a altGlyph altGlyphDef altGlyphItem animate
animateColor animateMotion animateTransform circle clipPath color-profile
......@@ -104,4 +105,5 @@ module Gitlab
}.freeze
end
end
end
end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment