Merge branch 'pravi/gitlab-ce-update-html-pipeline' into 'master'

update html-pipeline 2.7.1 -> 2.8 Closes #48571 See merge request gitlab-org/gitlab-ce!20348

Merge branch 'pravi/gitlab-ce-update-html-pipeline' into 'master'
update html-pipeline 2.7.1 -> 2.8 Closes #48571 See merge request gitlab-org/gitlab-ce!20348
4854cfef · Douwe Maan · 8678cf9b · d699362a · 4854cfef · 4854cfef
Commit 4854cfef authored Jul 04, 2018 by Douwe Maan
Showing with 10 additions and 17 deletions

Gemfile Gemfile +1 -1

Gemfile.lock Gemfile.lock +2 -2

Gemfile.rails5.lock Gemfile.rails5.lock +2 -2

lib/banzai/filter/sanitization_filter.rb lib/banzai/filter/sanitization_filter.rb +5 -12

No files found.
--- a/Gemfile
+++ b/Gemfile
@@ -132,7 +132,7 @@ gem 'unf', '~> 0.1.4'
 gem 'seed-fu', '~> 2.3.7'
 # Markdown and HTML processing
-gem 'html-pipeline', '~> 2.7.1'
+gem 'html-pipeline', '~> 2.8'
 gem 'deckar01-task_list', '2.0.0'
 gem 'gitlab-markup', '~> 1.6.4'
 gem 'redcarpet', '~> 3.4'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -394,7 +394,7 @@ GEM
    hipchat (1.5.2)
      httparty
      mimemagic
-    html-pipeline (2.7.1)
+    html-pipeline (2.8.3)
      activesupport (>= 2)
      nokogiri (>= 1.4)
    html2text (0.2.0)
@@ -1061,7 +1061,7 @@ DEPENDENCIES
  hashie-forbidden_attributes
  health_check (~> 2.6.0)
  hipchat (~> 1.5.0)
-  html-pipeline (~> 2.7.1)
+  html-pipeline (~> 2.8)
  html2text
  httparty (~> 0.13.3)
  icalendar

--- a/Gemfile.rails5.lock
+++ b/Gemfile.rails5.lock
@@ -397,7 +397,7 @@ GEM
    hipchat (1.5.2)
      httparty
      mimemagic
-    html-pipeline (2.7.1)
+    html-pipeline (2.8.3)
      activesupport (>= 2)
      nokogiri (>= 1.4)
    html2text (0.2.0)
@@ -1071,7 +1071,7 @@ DEPENDENCIES
  hashie-forbidden_attributes
  health_check (~> 2.6.0)
  hipchat (~> 1.5.0)
-  html-pipeline (~> 2.7.1)
+  html-pipeline (~> 2.8)
  html2text
  httparty (~> 0.13.3)
  icalendar

--- a/lib/banzai/filter/sanitization_filter.rb
+++ b/lib/banzai/filter/sanitization_filter.rb
@@ -4,27 +4,20 @@ module Banzai
    #
    # Extends HTML::Pipeline::SanitizationFilter with a custom whitelist.
    class SanitizationFilter < HTML::Pipeline::SanitizationFilter
+      include Gitlab::Utils::StrongMemoize
      UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
      TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/
      def whitelist
-        whitelist = super
+        strong_memoize(:whitelist) do
+          customize_whitelist(super.dup)
-        customize_whitelist(whitelist)
+        end
-        whitelist
      end
      private
-      def customized?(transformers)
-        transformers.last.source_location[0] == __FILE__
-      end
      def customize_whitelist(whitelist)
-        # Only push these customizations once
-        return if customized?(whitelist[:transformers])
        # Allow table alignment; we whitelist specific text-align values in a
        # transformer below
        whitelist[:attributes]['th'] = %w(style)