Merge pull request #19252 from kaspth/single-escaping-strip-tags

Let strip_tags leave HTML escaping to Rails.
author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2015-03-10 16:05:47 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2015-03-10 16:05:47 -0300
commit: 2c1f6267f97115ad1c3a4c923922f8c543039681 (patch)
tree: 192bb0dd0b9f5dba060ee1a8b01d775310b5ad5f
parent: 4e7217027f1933d5860ba459b3d23f454272f709 (diff)
parent: 37695b8aabc1386f21039b16c32541d71f0d4182 (diff)
download: rails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.gz
rails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.bz2
rails-2c1f6267f97115ad1c3a4c923922f8c543039681.zip
6 files changed, 19 insertions, 7 deletions
diff --git a/Gemfile b/Gemfile
index 2fdcec062c..0e3a73e82a 100644
--- a/Gemfile
+++ b/Gemfile
@@ -10,6 +10,8 @@ gem 'rake', '>= 10.3'
 # ensure correct loading order
 gem 'mocha', '~> 0.14', require: false
 
+gem 'rails-html-sanitizer', '~> 1.0.2', github: 'rails/rails-html-sanitizer'
+
 gem 'rack-cache', '~> 1.2'
 gem 'jquery-rails', github: 'rails/jquery-rails', branch: 'master'
 gem 'coffee-rails', '~> 4.1.0'
diff --git a/Gemfile.lock b/Gemfile.lock
index 0dc7559d9e..c879cd15b9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -35,6 +35,13 @@ GIT
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
 
+GIT
+  remote: git://github.com/rails/rails-html-sanitizer.git
+  revision: 4f0f7810fce6c8aa63de07a40d69d6027a30acaf
+  specs:
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+
 PATH
   remote: .
   specs:
@@ -50,13 +57,13 @@ PATH
       rack (~> 1.6)
       rack-test (~> 0.6.3)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionview (5.0.0.alpha)
       activesupport (= 5.0.0.alpha)
       builder (~> 3.1)
       erubis (~> 2.7.0)
       rails-dom-testing (~> 1.0, >= 1.0.5)
-      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+      rails-html-sanitizer (~> 1.0, >= 1.0.2)
     activejob (5.0.0.alpha)
       activesupport (= 5.0.0.alpha)
       globalid (>= 0.3.0)
@@ -165,8 +172,6 @@ GEM
       activesupport (>= 4.2.0.beta, < 5.0)
       nokogiri (~> 1.6.0)
       rails-deprecated_sanitizer (>= 1.0.1)
-    rails-html-sanitizer (1.0.1)
-      loofah (~> 2.0)
     rake (10.4.2)
     rdoc (4.2.0)
     redcarpet (3.2.2)
@@ -274,6 +279,7 @@ DEPENDENCIES
   racc (>= 1.4.6)
   rack-cache (~> 1.2)
   rails!
+  rails-html-sanitizer (~> 1.0.2)!
   rake (>= 10.3)
   redcarpet (~> 3.2.2)
   resque
diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
index 7a01289e43..b6b70a027c 100644
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'rack',      '~> 1.6'
   s.add_dependency 'rack-test', '~> 0.6.3'
-  s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.1'
+  s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.2'
   s.add_dependency 'rails-dom-testing', '~> 1.0', '>= 1.0.5'
   s.add_dependency 'actionview', version
 
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 59fb4c0b72..d8ea9d562c 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'builder',       '~> 3.1'
   s.add_dependency 'erubis',        '~> 2.7.0'
-  s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.1'
+  s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.2'
   s.add_dependency 'rails-dom-testing', '~> 1.0', '>= 1.0.5'
 
   s.add_development_dependency 'actionpack',  version
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 463a4e9f60..a2e9f37453 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -99,7 +99,7 @@ module ActionView
       #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
       #   # => Welcome to my website!
       def strip_tags(html)
-        self.class.full_sanitizer.sanitize(html)
+        self.class.full_sanitizer.sanitize(html, encode_special_chars: false)
       end
 
       # Strips all link tags from +html+ leaving just the link text.
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index e4be21be2c..efe846a7eb 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
@@ -29,6 +29,10 @@ class SanitizeHelperTest < ActionView::TestCase
     assert_equal "", strip_tags("<script>")
   end
 
+  def test_strip_tags_will_not_encode_special_characters
+    assert_equal "test\r\n\r\ntest", strip_tags("test\r\n\r\ntest")
+  end
+
   def test_sanitize_is_marked_safe
     assert sanitize("<html><script></script></html>").html_safe?
   end
author	Rafael Mendonça França <rafaelmfranca@gmail.com>	2015-03-10 16:05:47 -0300
committer	Rafael Mendonça França <rafaelmfranca@gmail.com>	2015-03-10 16:05:47 -0300
commit	2c1f6267f97115ad1c3a4c923922f8c543039681 (patch)
tree	192bb0dd0b9f5dba060ee1a8b01d775310b5ad5f
parent	4e7217027f1933d5860ba459b3d23f454272f709 (diff)
parent	37695b8aabc1386f21039b16c32541d71f0d4182 (diff)
download	rails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.gz rails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.bz2 rails-2c1f6267f97115ad1c3a4c923922f8c543039681.zip