| author | Vinnie Okada <vokada@mrvinn.com> | 2015-03-17 21:17:00 -0600 | 
|---|---|---|
| committer | Vinnie Okada <vokada@mrvinn.com> | 2015-03-19 21:24:07 -0600 | 
| commit | 52bf95ae380dc06243d0c4e5c8eb80f8be15a4f3 (patch) | |
| tree | bc553c8226b8f4fb23661731b6d489e25bfe2553 /doc/markdown | |
| parent | feeffc442618d92040cd1cc38158b689a09988fd (diff) | |
| download | gitlab-ce-52bf95ae380dc06243d0c4e5c8eb80f8be15a4f3.tar.gz | |
Change HTML sanitization
Use the `SanitizationFilter` class from the html-pipeline gem for inline
HTML instead of calling the Rails `sanitize` method.
Diffstat (limited to 'doc/markdown')
| -rw-r--r-- | doc/markdown/markdown.md | 59 | 
1 files changed, 1 insertions, 58 deletions
| diff --git a/doc/markdown/markdown.md b/doc/markdown/markdown.md index ddf1bbc6ee4..4ab73df8af9 100644 --- a/doc/markdown/markdown.md +++ b/doc/markdown/markdown.md @@ -440,64 +440,7 @@ Note that inline HTML is disabled in the default Gitlab configuration, although    <dd>Does *not* work **very** well. Use HTML <em>tags</em>.</dd>  </dl> -The following tags can be used: - -* `<a/>` -* `<abbr/>` -* `<acronym/>` -* `<address/>` -* `<b/>` -* `<big/>` -* `<blockquote/>` -* `<br/>` -* `<cite/>` -* `<code/>` -* `<dd/>` -* `<del/>` -* `<dfn/>` -* `<div/>` -* `<dl/>` -* `<dt/>` -* `<em/>` -* `<h1/>` -* `<h2/>` -* `<h3/>` -* `<h4/>` -* `<h5/>` -* `<h6/>` -* `<hr/>` -* `<i/>` -* `<img/>` -* `<ins/>` -* `<kbd/>` -* `<li/>` -* `<ol/>` -* `<p/>` -* `<pre/>` -* `<samp/>` -* `<small/>` -* `<span/>` -* `<strong/>` -* `<sub/>` -* `<sup/>` -* `<tt/>` -* `<ul/>` -* `<var/>` - -You can also use the following HTML attributes in your inline tags: - -* `abbr` -* `alt` -* `cite` -* `class` -* `datetime` -* `height` -* `href` -* `name` -* `src` -* `title` -* `width` -* `xml:lang` +See the documentation for HTML::Pipeline's [SanitizationFilter](http://www.rubydoc.info/gems/html-pipeline/HTML/Pipeline/SanitizationFilter#WHITELIST-constant) class for the list of allowed HTML tags and attributes.  In addition to the default `SanitizationFilter` whitelist, GitLab allows the `class`, `id`, and `style` attributes.  ## Horizontal Rule | 
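Review bot: The added sentence "GitLab allows the `class`, `id`, and `style` attributes" widens the documented attribute set without stating any limits. The removed attribute list included `class` but neither `id` nor `style`. `style` lets user-supplied markup control how content is presented on the rendered page, and `id` lets it introduce element identifiers that can collide with ones the application's own markup and scripts rely on, so the docs should say whether these attributes are accepted on every allowed element and whether `style` values are filtered in any way. The same added line replaces the in-repo tag and attribute lists with a link to the gem's `WHITELIST` constant, so the documented set now follows whichever html-pipeline version is installed. Consider noting the gem version this text was written against, and stating explicitly whether any tag or attribute from the removed lists is no longer accepted, so users with existing content can tell what changed. The link also uses `http://`; prefer `https://` if the host serves it.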
