Delete gist embed rule to avoid XSS

lib/qiita/markdown.rb

@@ -10,7 +10,6 @@
 require "qiita/markdown/embed/code_pen"
 require "qiita/markdown/embed/tweet"
 require "qiita/markdown/embed/asciinema"
-require "qiita/markdown/embed/gist"
 require "qiita/markdown/embed/youtube"
 require "qiita/markdown/embed/slide_share"
 require "qiita/markdown/embed/google_slide"

lib/qiita/markdown/transformers/filter_script.rb

@@ -10,7 +10,6 @@ class FilterScript
 
         HOST_WHITE_LIST = [
           Embed::Asciinema::SCRIPT_HOST,
-          Embed::Gist::SCRIPT_HOST,
         ].flatten.freeze
 
         def self.call(*args)

spec/qiita/markdown/processor_spec.rb

@@ -1451,28 +1451,6 @@
         end
       end
 
-      context "with HTML embed code for Gist" do
-        let(:markdown) do
-          <<-MARKDOWN.strip_heredoc
-            <script id="example" src="https://gist.github.com/a/example.js"></script>
-          MARKDOWN
-        end
-
-        if allowed
-          it "does not sanitize embed code" do
-            should eq <<-HTML.strip_heredoc
-              <script id="example" src="https://gist.github.com/a/example.js"></script>
-            HTML
-          end
-        else
-          it "forces async attribute on script" do
-            should eq <<-HTML.strip_heredoc
-              <script id="example" src="https://gist.github.com/a/example.js" async="async"></script>
-            HTML
-          end
-        end
-      end
-
       context "with HTML embed code for Youtube" do
         let(:markdown) do
           <<-MARKDOWN.strip_heredoc