From 21d89d0286e385d6d0a4debdbf7c801939c3e279 Mon Sep 17 00:00:00 2001
From: Stan Hu
Date: Thu, 24 Mar 2016 22:39:58 -0700
Subject: Update SVG sanitizer to conform to SVG 1.1 Use a custom Loofah scrubber since sanitize 2.x transformers are inadequate to handle case-sensitive SVG attributes. sanitize parses documents as HTML instead of XML, which causes all SVG attribute names (e.g. viewBox) to be downcased. * SVG element list: https://www.w3.org/TR/SVG/eltindex.html * SVG attribute list: https://www.w3.org/TR/SVG/attindex.html Closes #14555
---
app/helpers/blob_helper.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/helpers/blob_helper.rb')
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 474c6f27374..93241b3afb7 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -131,7 +131,7 @@ module BlobHelper
 # elements and attributes. Note that this whitelist is by no means complete
 # and may omit some elements.
 def sanitize_svg(blob)
- blob.data = Loofah.scrub_fragment(blob.data, :strip).to_xml
+ blob.data = Gitlab::Sanitizers::SVG.clean(blob.data)
 blob
 end
-- cgit v1.2.1
From e166a8022a3f239938a1449a0a8ce3485f309766 Mon Sep 17 00:00:00 2001
From: Zeger-Jan van de Weg
Date: Fri, 29 Apr 2016 16:25:03 +0200
Subject: Backend for a gitignores dropdown
---
app/helpers/blob_helper.rb | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'app/helpers/blob_helper.rb')
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index 93241b3afb7..fb1b7649465 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -184,4 +184,8 @@ module BlobHelper
 Other: licenses.reject(&:featured).map { |license| [license.name, license.key] }
 }
 end
+
+ def gitignores_for_select
+ @gitignores_for_select ||= Gitlab::Gitignore.all
+ end
 end
-- cgit v1.2.1
From 1f5fcb638d6b432d76a639ccc35acc94d8ae6ac7 Mon Sep 17 00:00:00 2001
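Review bot: The comment above `sanitize_svg` in the first patch's hunk still refers to "this whitelist", but the new line delegates to `Gitlab::Sanitizers::SVG.clean`, so the list no longer lives in this helper and is not shown in this file-limited view. I would reword the comment to something like `# Sanitizes blob.data in place with Gitlab::Sanitizers::SVG (element/attribute allow-list); returns the same blob`, so a reader knows where to audit what is allowed. Since the commit message is about keeping case-sensitive attribute names intact, a spec asserting that an attribute absent from the list is removed while `viewBox` keeps its case would pin that behaviour; whether such a spec exists cannot be told from here. The comment block itself starts above the hunk.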
From: Alfredo Sumaran
Date: Wed, 11 May 2016 19:38:43 -0500
Subject: Dropdown implementation
---
app/helpers/blob_helper.rb | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'app/helpers/blob_helper.rb')
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index fb1b7649465..a3723d2c349 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -186,6 +186,12 @@ module BlobHelper
 end
 def gitignores_for_select
- @gitignores_for_select ||= Gitlab::Gitignore.all
+ return @gitignores_for_select if defined?(@gitignores_for_select)
+
+ @gitignores_for_select = {
+ Global: Gitlab::Gitignore.global.map{ |v| { text: v.name } },
+ # Note that the key here doesn't cover it really
+ Languages: Gitlab::Gitignore.languages_frameworks.map{ |v| { text: v.name } }
+ }
 end
 end
-- cgit v1.2.1
From ab96ca2bf1ae72817ff5cedf1792c8f7563ebdef Mon Sep 17 00:00:00 2001
From: Alfredo Sumaran
Date: Fri, 13 May 2016 10:57:03 -0500
Subject: Dropdown implementation
---
app/helpers/blob_helper.rb | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'app/helpers/blob_helper.rb')
diff --git a/app/helpers/blob_helper.rb b/app/helpers/blob_helper.rb
index a3723d2c349..cec2dc753fe 100644
--- a/app/helpers/blob_helper.rb
+++ b/app/helpers/blob_helper.rb
@@ -185,13 +185,13 @@ module BlobHelper
 }
 end
- def gitignores_for_select
- return @gitignores_for_select if defined?(@gitignores_for_select)
+ def gitignore_names
+ return @gitignore_names if defined?(@gitignore_names)
- @gitignores_for_select = {
- Global: Gitlab::Gitignore.global.map{ |v| { text: v.name } },
+ @gitignore_names = {
+ Global: Gitlab::Gitignore.global.map { |gitignore| { name: gitignore.name } },
 # Note that the key here doesn't cover it really
- Languages: Gitlab::Gitignore.languages_frameworks.map{ |v| { text: v.name } }
+ Languages: Gitlab::Gitignore.languages_frameworks.map{ |gitignore| { name: gitignore.name } }
 }
 end
 end
-- cgit v1.2.1
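Review bot: The inline comment `# Note that the key here doesn't cover it really`, added in the third patch's hunk and kept as context in the fourth, does not say what the `Languages` key fails to cover. Judging by the call to `languages_frameworks` it presumably means the group also holds framework templates; if so, `# "Languages" also includes framework templates` would say it. Both hunks also write `map{ |v|` without a space before the brace; the fourth patch fixes the `Global:` line but leaves `languages_frameworks.map{ |gitignore|`, which should read `.map { |gitignore|`.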
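Review bot: Renaming `gitignores_for_select` to `gitignore_names` and the entry key from `text:` to `name:` in the last hunk changes what callers of this helper receive, and no caller is visible in this file-limited view. Any view or script that still calls the old method or reads `text` has to change in the same commit. Separately, the `defined?` guard is only needed when a memoized value can be nil or false; the value here is always a hash literal, so `@gitignore_names ||= { ... }` would be the shorter form.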