What does this MR do?
`CacheMarkdownField` concern removes the `_html` fields and `cached_markdown_version` from attributes because they can contain unredacted HTML, which could be a security issue. This MR adds an option to whitelist which `_html` fields are safe to keep.
What are the relevant issue numbers?
Does this MR meet the acceptance criteria?
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the database guides
- ~~Link to e2e tests MR added if this MR has Requires e2e tests label. See the Test Planning Process.~~
- Security reports checked/validated by reviewer
/cc @stanhu @ashmckenzie @jarv