X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f0d67ab6f71cef3e7ce0fa850f7309a94e21671b..9c0ea426167e01ea69ff022a811803aa95a302d4:/apps/workbench/app/helpers/application_helper.rb
diff --git a/apps/workbench/app/helpers/application_helper.rb b/apps/workbench/app/helpers/application_helper.rb
index 9562e18a3f..c4a801d68b 100644
--- a/apps/workbench/app/helpers/application_helper.rb
+++ b/apps/workbench/app/helpers/application_helper.rb
@@ -16,7 +16,8 @@ module ApplicationHelper
 end
 def render_markup(markup)
- sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile))) if markup
+ allowed_tags = Rails::Html::Sanitizer.white_list_sanitizer.allowed_tags + %w(table tbody th tr td col colgroup caption thead tfoot)
+ sanitize(raw(RedCloth.new(markup.to_s).to_html(:refs_arvados, :textile)), tags: allowed_tags) if markup
 end
 def human_readable_bytes_html(n)
@@ -673,7 +674,7 @@ module ApplicationHelper
 end
 # Keep locators are expected to be of the form \"...\"
- JSON_KEEP_LOCATOR_REGEXP = /[\'\"][^\'\"]*?([0-9a-f]{32}\+\d+[^\'\"]*?)[\'\"]/
+ JSON_KEEP_LOCATOR_REGEXP = /([0-9a-f]{32}\+\d+[^'"]*?)(?=['"]|\z|$)/
 def keep_locator_in_json str
 # Return a list of all matches
 str.scan(JSON_KEEP_LOCATOR_REGEXP).flatten
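Review bot: In `render_markup` (first hunk) the widened sanitizer allowlist is assembled inline on every call, with no comment saying why these ten table tags are safe to admit, which makes a security-relevant list easy to extend casually later. I would name and document the extra tags next to the helper, e.g. `MARKUP_EXTRA_TAGS = %w(table tbody th tr td col colgroup caption thead tfoot).freeze`, and keep the union with the sanitizer defaults at call time. Only `tags:` is extended, so attributes stay on the sanitizer's default list; that keeps `style` and event-handler attributes stripped, but it probably also drops the `colspan`/`rowspan` that Textile tables can emit, so a comment stating this is intentional would help. A helper test asserting that a Textile table survives while `<script>` and `onclick` are still removed would pin the boundary.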
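Review bot: In the second hunk the comment above `JSON_KEEP_LOCATOR_REGEXP` still says locators are expected in quoted form, but the new pattern no longer requires a quote on either side; it should read something like `# Match Keep locators (32 hex digits, "+", digits, then any non-quote tail), quoted or not`. Without the leading quote there is also no left boundary, so the last 32 characters of a longer hex run followed by `+digits` will match; a lookbehind such as `(?<![0-9a-f])` in front of the hash would prevent that. In Ruby `$` already matches at end of string, so the `\z` alternative is redundant, and for unquoted text the lazy `[^'"]*?` tail now captures everything up to the end of the line, so callers should treat each match as untrusted text and escape it before rendering. `keep_locator_in_json` continues past the end of this hunk, so how its results are used is not visible here.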