authorTimm <kaspth@gmail.com>2013-07-10 16:00:36 +0200
committerTimm <kaspth@gmail.com>2014-06-15 23:35:27 +0200
commit68f75b9795f1d9c3fc30f54e035d01d6d687d4fa (patch)
treec892437680619d1a0bb6c69dcad31d27d6b901d7 /actionview/lib
parent55b453f2959ee176611732fa22b386916e9a9604 (diff)
downloadrails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.tar.gz
rails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.tar.bz2
rails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.zip
Extracted the xpath removals into some new API that allows users to remove xpath subtrees.
Diffstat (limited to 'actionview/lib')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 8b1e76fec1..187d0ffbfa 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -49,8 +49,7 @@ module ActionView
@permit_scrubber.attributes = options[:attributes]
loofah_fragment.scrub!(@permit_scrubber)
else
- loofah_fragment.xpath("./script").each { |script| script.remove }
- loofah_fragment.xpath("./form").each { |form| form.remove }
+ remove_xpaths(loofah_fragment, %w(./script ./form))
loofah_fragment.scrub!(:strip)
end
loofah_fragment.to_s
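Review bot: The new call `remove_xpaths(loofah_fragment, %w(./script ./form))` passes both expressions as a single Array, but the helper added in this commit is declared `remove_xpaths(html, *xpaths)`, so `xpaths` becomes a one-element array and `html.xpath` receives an Array rather than each String. Unless Nokogiri's `xpath` accepts an Array in that position (not visible here), the `script` and `form` subtrees would no longer be removed before `scrub!(:strip)`, which would probably leave their text content in the sanitized output. Splat at the call site, `remove_xpaths(loofah_fragment, *%w(./script ./form))`, or iterate `xpaths.flatten` inside the helper. A test asserting that script and form bodies are dropped from the result would pin this; the enclosing method begins above the hunk.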
@@ -60,6 +59,13 @@ module ActionView
Loofah::HTML5::Scrub.scrub_css style_string
end
+ def remove_xpaths(html, *xpaths)
+ html = Loofah.fragment(html) unless html.is_a? Nokogiri::XML::DocumentFragment
+ xpaths.each do |xpath|
+ html.xpath(xpath).each { |subtree| subtree.remove }
+ end
+ end
+
def protocol_separator
self.class.protocol_separator
end
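Review bot: When `html` is a String, `remove_xpaths` parses it into a new fragment bound only to the local `html`, and the method returns the value of `xpaths.each` (the xpaths array), so the caller never receives the pruned markup. For a helper the commit message describes as an API for users, end the method with `html` (or return `html.to_s` for String input) so the result is usable. A short comment would also help, stating that a `Nokogiri::XML::DocumentFragment` argument is mutated in place while any other input is first parsed with `Loofah.fragment`, because the two paths behave differently for the caller.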