diff options
| -rw-r--r-- | lib/gitlab/url_blocker.rb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/gitlab/url_blocker.rb b/lib/gitlab/url_blocker.rb index 8c04409ad12..7ba82034290 100644 --- a/lib/gitlab/url_blocker.rb +++ b/lib/gitlab/url_blocker.rb @@ -14,6 +14,8 @@ module Gitlab # Param url can be a string, URI or Addressable::URI uri = parse_url(url) + validate_html_tags!(uri) if enforce_sanitization + # Allow imports from the GitLab instance itself but only from the configured ports return true if internal?(uri) @@ -23,7 +25,6 @@ module Gitlab validate_user!(uri.user) if enforce_user validate_hostname!(uri.hostname) validate_unicode_restriction!(uri) if ascii_only - validate_html_tags!(uri) if enforce_sanitization begin addrs_info = Addrinfo.getaddrinfo(uri.hostname, port, nil, :STREAM).map do |addr| |