Skip to content

GitLab Next

Why GitLab
Pricing
Contact Sales
Explore

Sign in
Get free trial

Add option to whitelist _html fields from attributes on CacheMarkdownField

Review changes
Download
Patches
Plain diff

Douglas Barbosa Alexandre requested to merge 59208-add-option-to-keep-cached-fields-during-serialization into master Mar 20, 2019

Overview 12
Commits 4
Pipelines 6
Changes 5

What does this MR do?

CacheMarkdownField concern removes the _html fields and cached_markdown_version from attributes because they can contain unredacted HTML, which could be a security issue. This MR adds an option to whitelist which _html fields is safe to keep.

What are the relevant issue numbers?

#59208 (closed)

Does this MR meet the acceptance criteria?

Changelog entry added, if necessary
~~Documentation created/updated via this MR~~
~~Documentation reviewed by technical writer or follow-up review issue created~~
Tests added for this feature/bug
~~Tested in all supported browsers~~
Conforms to the code review guidelines
Conforms to the merge request performance guidelines
Conforms to the style guides
~~Conforms to the database guides~~
~~Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.~~
Security reports checked/validated by reviewer

/cc @stanhu @ashmckenzie @jarv

Merge request reports

Assignee

Select assignees

Reviewers

Request review from

Time tracking