diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-03-07 14:41:09 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-03-07 14:41:09 +0000 |
| commit | f636854c9065a5048e5fff4a9f5176a01f47a58f (patch) | |
| tree | c0d71f855b11153ec0bfd07dd51ba3dc86b8a269 | |
| parent | b0668616038bbaccf5126023b16fe99b89006ee1 (diff) | |
| parent | 9bcd05401d7de5620a241b3bf431f589f74ee6a5 (diff) | |
| download | gitlab-ce-f636854c9065a5048e5fff4a9f5176a01f47a58f.tar.gz | |
Merge branch '26790-label-color-todos' into 'master'
#26790 whitelist style attribute in event_note
Closes #26790
See merge request !9155
| -rw-r--r-- | app/helpers/events_helper.rb | 7 | ||||
| -rw-r--r-- | changelogs/unreleased/26790-label-color-todos.yml | 4 | ||||
| -rw-r--r-- | spec/helpers/events_helper_spec.rb | 7 |
3 files changed, 17 insertions, 1 deletions
diff --git a/app/helpers/events_helper.rb b/app/helpers/events_helper.rb index 362046c0270..5605393c0c3 100644 --- a/app/helpers/events_helper.rb +++ b/app/helpers/events_helper.rb @@ -162,7 +162,12 @@ module EventsHelper def event_note(text, options = {}) text = first_line_in_markdown(text, 150, options) - sanitize(text, tags: %w(a img b pre code p span)) + + sanitize( + text, + tags: %w(a img b pre code p span), + attributes: Rails::Html::WhiteListSanitizer.allowed_attributes + ['style'] + ) end def event_commit_title(message) diff --git a/changelogs/unreleased/26790-label-color-todos.yml b/changelogs/unreleased/26790-label-color-todos.yml new file mode 100644 index 00000000000..74084473d81 --- /dev/null +++ b/changelogs/unreleased/26790-label-color-todos.yml @@ -0,0 +1,4 @@ +--- +title: fix background color for labels mention in todo +merge_request: 9155 +author: mhasbini diff --git a/spec/helpers/events_helper_spec.rb b/spec/helpers/events_helper_spec.rb index 594b40303bc..81ba693f2f3 100644 --- a/spec/helpers/events_helper_spec.rb +++ b/spec/helpers/events_helper_spec.rb @@ -61,6 +61,13 @@ describe EventsHelper do '</code></pre>' expect(helper.event_note(input)).to eq(expected) end + + it 'preserves style attribute within a tag' do + input = '<span class="" style="background-color: #44ad8e; color: #FFFFFF;"></span>' + expected = '<p><span style="background-color: #44ad8e; color: #FFFFFF;"></span></p>' + + expect(helper.event_note(input)).to eq(expected) + end end describe '#event_commit_title' do |