author | Timm <kaspth@gmail.com> | 2013-08-09 22:10:28 +0200 |
---|---|---|
committer | Timm <kaspth@gmail.com> | 2014-06-16 21:04:03 +0200 |
commit | d1de087467b1d3a0bc08f6d372db33bf2dcc80d6 (patch) | |
tree | 15cc331b0d0ae1574291263c9a8e01354a118705 /actionview/lib/action_view | |
parent | 945e7f529e1c9cb2690a2bbe3374f883771a2cd1 (diff) | |
Extracted the common xpaths to remove into XPATHS_TO_REMOVE.
Diffstat (limited to 'actionview/lib/action_view')
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 0e2e1826ec..3f2cdd53e6 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -3,6 +3,8 @@ require 'active_support/deprecation'
 require 'action_view/helpers/sanitize_helper/permit_scrubber'
 module ActionView
+ XPATHS_TO_REMOVE = %w{.//script .//form comment()}
+
 class Sanitizer # :nodoc:
 def sanitize(html, options = {})
@@ -25,7 +27,7 @@ module ActionView
 return html if html.empty?
 fragment = Loofah.fragment(html)
- remove_xpaths(fragment, %w{.//script .//form comment()})
+ remove_xpaths(fragment, XPATHS_TO_REMOVE)
 fragment.text
 end
 end
@@ -66,7 +68,7 @@ module ActionView
 @permit_scrubber.attributes = options[:attributes]
 loofah_fragment.scrub!(@permit_scrubber)
 else
- remove_xpaths(loofah_fragment, %w{.//script .//form comment()})
+ remove_xpaths(loofah_fragment, XPATHS_TO_REMOVE)
 loofah_fragment.scrub!(:strip)
 end
 loofah_fragment.to_s |
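Review bot: `XPATHS_TO_REMOVE` in the first hunk is a mutable array defined directly under `ActionView`, so anything loaded into the process can append to or delete from it and change which nodes are stripped at both call sites in the second and third hunks. Since this list is what drops `script`, `form` and comment nodes before output, it should be frozen: `XPATHS_TO_REMOVE = %w{.//script .//form comment()}.freeze`. It also sits outside `class Sanitizer # :nodoc:`, so it reads as public `ActionView` API; either move it inside the sanitizer class hierarchy (assuming the classes in the later hunks inherit from `Sanitizer`, which the hunks do not show) or mark it `# :nodoc:`. A one-line comment such as `# XPaths of nodes removed from the fragment before it is rendered to text or scrubbed.` would record why these three selectors are here. The methods touched in the second and third hunks begin outside the hunks.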