[ARVADOS] created: 1.1.4-787-g7a940bad0

Git user git at public.curoverse.com
Tue Aug 14 13:02:13 EDT 2018


        at  7a940bad07ecec64a76f1dd1ddbe3d6b57895ac6 (commit)


commit 7a940bad07ecec64a76f1dd1ddbe3d6b57895ac6
Author: Lucas Di Pentima <ldipentima at veritasgenetics.com>
Date:   Tue Aug 14 14:01:36 2018 -0300

    14028: Sanitize RedCloth's output.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <ldipentima at veritasgenetics.com>

diff --git a/apps/workbench/app/helpers/application_helper.rb b/apps/workbench/app/helpers/application_helper.rb
index 106716a0f..cba0c6269 100644
--- a/apps/workbench/app/helpers/application_helper.rb
+++ b/apps/workbench/app/helpers/application_helper.rb
@@ -16,7 +16,7 @@ module ApplicationHelper
   end
 
   def render_markup(markup)
-    raw RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile) if markup
+    sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile))) if markup
   end
 
   def human_readable_bytes_html(n)
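Review bot: on the added line in `render_markup`, `sanitize(...)` is called with no `tags:` or `attributes:` options, so what survives is decided by the framework's default allowlist rather than by anything stated in this helper. Consider passing an explicit allowlist that matches the Textile output Workbench actually needs, and confirm that the markup produced by the `:refs_arvados` rule and any Textile tables still render after this change. The inner `raw(...)` is also redundant, since `sanitize` filters the string whether or not it is marked HTML-safe and returns an HTML-safe result itself; `sanitize(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile))` reads more clearly. The diff carries no test: a helper test that feeds `render_markup` a description containing a `<script>` tag and an `onclick` attribute, and asserts both are absent from the output, would pin the behaviour the commit message describes.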

-----------------------------------------------------------------------


hooks/post-receive
-- 



