Merge branch 'fix/memory-leak-sanitization-filter' into 'master'

Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST

See merge request !6456

CHANGELOG

 Please view this file on the master branch, on stable branches it's out of date.
 
 v 8.12.1 (unreleased)
+  - Fix a memory leak in HTML::Pipeline::SanitizationFilter::WHITELIST
 
 v 8.12.0
   - Update the rouge gem to 2.0.6, which adds highlighting support for JSX, Prometheus, and others. !6251

lib/banzai/filter/sanitization_filter.rb

@@ -7,7 +7,7 @@ module Banzai
       UNSAFE_PROTOCOLS = %w(data javascript vbscript).freeze
 
       def whitelist
-        whitelist = super.dup
+        whitelist = super
 
         customize_whitelist(whitelist)
 
@@ -42,20 +42,19 @@ module Banzai
         # Allow any protocol in `a` elements...
         whitelist[:protocols].delete('a')
 
-        whitelist[:transformers] = whitelist[:transformers].dup
-
         # ...but then remove links with unsafe protocols
-        whitelist[:transformers].push(remove_unsafe_links)
+        whitelist[:transformers].push(self.class.remove_unsafe_links)
 
         # Remove `rel` attribute from `a` elements
-        whitelist[:transformers].push(remove_rel)
+        whitelist[:transformers].push(self.class.remove_rel)
 
         # Remove `class` attribute from non-highlight spans
-        whitelist[:transformers].push(clean_spans)
+        whitelist[:transformers].push(self.class.clean_spans)
 
         whitelist
       end
 
+      class << self
         def remove_unsafe_links
           lambda do |env|
             node = env[:node]
@@ -89,7 +88,7 @@ module Banzai
             return unless node.name == 'span'
             return unless node.has_attribute?('class')
 
-          unless has_ancestor?(node, 'pre')
+            unless node.ancestors.any? { |n| n.name.casecmp('pre').zero? }
               node.remove_attribute('class')
             end
 
@@ -98,4 +97,5 @@ module Banzai
         end
       end
     end
+  end
 end