author: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-09-25 16:45:45 -0300
committer: Rafael Mendonça França <rafaelmfranca@gmail.com> 2014-09-25 16:45:45 -0300
commit: 80990e2a0b714043f3f7a5b6e3303bbd5b72dc6c (patch)
tree: 9687e03999cde73cc53b9c93ae3256b7c88fbd3c
parent: 64fc8963b9998cc833d7f2b04e4b9fef3428b858 (diff)
rails-html-sanitizer is now the default
Also add to upgrading guide a notice about the deprecated sanitizers
-rw-r--r-- Gemfile | 1
-rw-r--r-- guides/source/upgrading_ruby_on_rails.md | 15
-rw-r--r-- railties/lib/rails/generators/rails/app/templates/Gemfile | 3
3 files changed, 6 insertions, 13 deletions
diff --git a/Gemfile b/Gemfile
index 9701baee1e..0e0de093f2 100644
--- a/Gemfile
+++ b/Gemfile
@@ -13,7 +13,6 @@ gem 'mocha', '~> 0.14', require: false
gem 'rack-cache', '~> 1.2'
gem 'jquery-rails', '~> 4.0.0.beta2'
gem 'coffee-rails', '~> 4.0.0'
-gem 'rails-html-sanitizer', '~> 1.0.1'
gem 'rails-deprecated_sanitizer', '~> 1.0.3'
gem 'turbolinks', '~> 2.2.3'
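Review bot: dropping `gem 'rails-html-sanitizer', '~> 1.0.1'` from the framework Gemfile only works if the gem is already declared as a dependency elsewhere in the tree (the commit message says it "is now the default", so presumably a framework gemspec pulls it in); please confirm that in the PR description, because otherwise the test suite loses the sanitizer entirely while `rails-deprecated_sanitizer` stays pinned on the line below. Also worth stating why the deprecated sanitizer remains a direct dependency here (for the deprecation tests, one assumes) so the next person does not remove it by symmetry.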
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index 4e538693f7..ca1a0b1494 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -186,15 +186,6 @@ venerable html-scanner approach is now officially being deprecated in favor of
This means the methods `sanitize`, `sanitize_css`, `strip_tags` and
`strip_links` are backed by a new implementation.
-In the next major Rails version `Rails Html Sanitizer` will be the default
-sanitizer. It already is for new applications.
-
-Include this in your Gemfile to try it out today:
-
-```ruby
-gem 'rails-html-sanitizer'
-```
-
This new sanitizer uses [Loofah](https://github.com/flavorjones/loofah) internally. Loofah in turn uses Nokogiri, which
wraps XML parsers written in both C and Java, so sanitization should be faster
no matter which Ruby version you run.
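Review bot: removing the "In the next major Rails version ... It already is for new applications" paragraph leaves the guide without any sentence telling upgraders that the new sanitizer is now active by default and that nothing needs to be added to the Gemfile; the surrounding text only says the methods "are backed by a new implementation". Suggest replacing the deleted lines with one sentence such as "Rails Html Sanitizer is now the default sanitizer; no Gemfile change is needed." so the upgrade note states the new behaviour explicitly rather than by omission.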
@@ -209,6 +200,12 @@ Read the [gem's readme](https://github.com/rails/rails-html-sanitizer) for more
The documentation for `PermitScrubber` and `TargetScrubber` explains how you
can gain complete control over when and how elements should be stripped.
+If your application needs to old behaviour include `rails-deprecated_sanitizer` in your Gemfile:
+
+```ruby
+gem 'rails-deprecated_sanitizer'
+```
+
### Rails DOM Testing
TODO: Mention https://github.com/rails/rails/commit/4e97d7585a2f4788b9eed98c6cdaf4bb6f2cf5ce
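Review bot: typo in the added line, "If your application needs to old behaviour" should read "If your application needs the old behaviour". Since the context at the top of the previous hunk says the html-scanner approach "is now officially being deprecated", the new paragraph should also say that adding `rails-deprecated_sanitizer` is a temporary opt-out of a deprecated code path, not a supported long-term configuration, so readers do not treat it as an equivalent choice. The `TODO: Mention ...` line under "### Rails DOM Testing" is unchanged context, but it is still shipping in the guide and should be resolved before release.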
diff --git a/railties/lib/rails/generators/rails/app/templates/Gemfile b/railties/lib/rails/generators/rails/app/templates/Gemfile
index efbfc71056..2567469c95 100644
--- a/railties/lib/rails/generators/rails/app/templates/Gemfile
+++ b/railties/lib/rails/generators/rails/app/templates/Gemfile
@@ -15,9 +15,6 @@ source 'https://rubygems.org'
# Use ActiveModel has_secure_password
# gem 'bcrypt', '~> 3.1.7'
-# Use Rails Html Sanitizer for HTML sanitization
-gem 'rails-html-sanitizer', '~> 1.0.1'
-
# Use Unicorn as the app server
# gem 'unicorn'
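Review bot: with the `# Use Rails Html Sanitizer for HTML sanitization` comment and the `'~> 1.0.1'` pin removed from the generated Gemfile, new applications no longer carry an explicit constraint on the sanitizer version and will get whatever the framework dependency resolves to; that is consistent with the commit message, but it means an app that wants to pick up a newer rails-html-sanitizer release ahead of a Rails bump now has to add the gem line back itself. Consider keeping a one-line comment in the template (like the `bcrypt` and `unicorn` entries above it) so the generated Gemfile still shows where the sanitizer would be pinned.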