github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-24 01:21:23 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: deprecate whitelist constants (#10716)

Browse Source 
Deprecation of:
WHITELISTED_REDIRECT_HOSTNAMES
CUSTOM_INTERPOLATION_KEYS_WHITELIST
WHITELISTED_SVG_ELEMENTS
This commit is contained in:
Krzysztof Kotlarek
2020-09-28 13:52:05 +10:00
committed by GitHub
parent bab56fdb9d
commit e7c72cd1e4
5 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/upload_creator.rb
View File

@ -6,12 +6,15 @@ class UploadCreator
TYPES_TO_CROP ||= %w{avatar card_background custom_emoji profile_background}.each(&:freeze)
WHITELISTED_SVG_ELEMENTS ||= %w{
ALLOWED_SVG_ELEMENTS ||= %w{
circle clippath defs ellipse feGaussianBlur filter g line linearGradient
marker path polygon polyline radialGradient rect stop style svg text
textpath tref tspan use
}.each(&:freeze)
include ActiveSupport::Deprecation::DeprecatedConstantAccessor
deprecate_constant 'WHITELISTED_SVG_ELEMENTS', 'UploadCreator::ALLOWED_SVG_ELEMENTS'
# Available options
# - type (string)
# - origin (string)
@ -403,7 +406,7 @@ class UploadCreator
end
def svg_allowlist_xpath
@@svg_allowlist_xpath ||= "//*[#{WHITELISTED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
@@svg_allowlist_xpath ||= "//*[#{ALLOWED_SVG_ELEMENTS.map { |e| "name()!='#{e}'" }.join(" and ") }]"
end
def add_metadata!