bad_tags include form since we remove it. Also to prevent a should_allow_form_tag test creation.

author: Timm <kaspth@gmail.com> 2013-07-04 16:55:42 +0200
committer: Timm <kaspth@gmail.com> 2014-06-15 23:35:25 +0200
commit: 91712cc11ded5c5f042784e098a10e1dca82e0d5 (patch)
tree: 936af3e1897a373d7525a46229d8298d65b37d35 /actionview/lib/action_view/helpers
parent: d3d979e4647162d32512484c675da6a0ae0b95fe (diff)
download: rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.tar.gz
rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.tar.bz2
rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 0bc4be6558..335280c718 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -99,7 +99,7 @@ module ActionView
 
     self.allowed_tags = Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS
 
-    self.bad_tags = Set.new %w(script)
+    self.bad_tags = Set.new %w(script form)
 
     self.allowed_attributes = Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES
author	Timm <kaspth@gmail.com>	2013-07-04 16:55:42 +0200
committer	Timm <kaspth@gmail.com>	2014-06-15 23:35:25 +0200
commit	91712cc11ded5c5f042784e098a10e1dca82e0d5 (patch)
tree	936af3e1897a373d7525a46229d8298d65b37d35 /actionview/lib/action_view/helpers
parent	d3d979e4647162d32512484c675da6a0ae0b95fe (diff)
download	rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.tar.gz rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.tar.bz2 rails-91712cc11ded5c5f042784e098a10e1dca82e0d5.zip