diff options
| author | Timm <kaspth@gmail.com> | 2013-07-02 21:54:34 +0200 |
|---|---|---|
| committer | Timm <kaspth@gmail.com> | 2014-06-15 23:35:24 +0200 |
| commit | 3e4ae8e5a21e1460bf0674211aef8d539c065701 (patch) | |
| tree | 742d8bbeaf3f3198cdb182393b5354b4749945b4 /actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | |
| parent | 2622da17585a58fc75d3f9b5fc80eb03930fa156 (diff) | |
| download | rails-3e4ae8e5a21e1460bf0674211aef8d539c065701.tar.gz rails-3e4ae8e5a21e1460bf0674211aef8d539c065701.tar.bz2 rails-3e4ae8e5a21e1460bf0674211aef8d539c065701.zip | |
Reordered form removal with stripping.
Diffstat (limited to 'actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb')
| -rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb index cbddf3481c..f70b47f32a 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb @@ -14,9 +14,12 @@ module ActionView class LinkSanitizer def initialize @link_scrubber = Loofah::Scrubber.new do |node| - next unless node.name == 'a' - node.before node.children - node.remove + if node.name == 'a' + node.before node.children + node.remove + else + Loofah::HTML5::Scrub.scrub_attributes(node) + end end end @@ -40,8 +43,8 @@ module ActionView @permit_scrubber.attributes = options[:attributes] loofah_fragment.scrub!(@permit_scrubber) else - loofah_fragment.scrub!(:strip) loofah_fragment.xpath("./form").each { |form| form.remove } + loofah_fragment.scrub!(:strip) end loofah_fragment.to_s end |