Fix a regression with the new Markdown HTML sanitizing code.

Review Request #11598 — Created April 18, 2021 and submitted

chipx86
Review Board
release-3.0.x
reviewboard

3.0.21 fixed a security vulnerability in Markdown links by bringing in
bleach and bleach-allowlist, the latter of which contained
pre-defined HTML tags and attributes that are allowed by Markdown
output.

The list wasn't comprehensive enough, and it broke tables, code block
styling, and impacted emojis.

We're no longer using bleach-allowlist, and instead are defining our
own list of tags and attributes we consider safe for our needs. Along
with this, we now have unit tests covering all the Markdown features
that are either standard or provided through extensions we enable,
helping ensure we don't regress in the future.

Unit tests passed.

Manually tested that all formerly-broken functionality has been restored.

Summary
Fix a regression with the new Markdown HTML sanitizing code.
Description From Last Updated

tfoot?

daviddavid
chipx86
david
  1. 
      
  2. reviewboard/reviews/markdown_utils.py (Diff revision 1)
     
     
     
     
    1. Markdown tables don't use tfoot, but I'll include it anyway.

  3. 
      
chipx86
Review request changed

Status: Closed (submitted)

Change Summary:

Pushed to release-3.0.x (490a4b9)
Loading...