Prepare for partial release.

- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.

3 files changed, 9 insertions, 34 deletions

diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md
index 29e71d4cf4..3fc2ab178c 100644
--- a/actionview/CHANGELOG.md
+++ b/actionview/CHANGELOG.md
@@ -1,32 +1,3 @@
-*   Dom and Selector assertions has extracted to rails-dom-testing to better be used in both Action Pack and Action View.
-
-    Note:
-    This also changes the substitution values syntax in `assert_select`.
-
-    `assert_select "div#?", /\d+/`
-    `assert_select "div:match('id', ?)", /\d+/`
-
-    The attribute to match should be enclosed in quotes to avoid
-    issues with Nokogiri's css selector syntax parsing.
-    It is not necessary to do so with the question mark.
-    Calling `assert_select` with an invalid selector will emit a deprecation warning and skip the assertions.
-
-    *Kasper Timm Hansen*
-
-*   The sanitizers in `sanitize_helper` have been extracted to rails-html-sanitizer. Loofah is used for sanitization instead of html-scanner.
-
-    This means:
-    `sanitize` can now take a `Loofah::Scrubber` for powerful scrubbing.
-    [See some examples of scrubbers here](https://github.com/flavorjones/loofah#loofahscrubber)
-
-    `PermitScrubber` has been added. Set the attributes and tags you want to keep and get everything else stripped.
-
-    `TargetScrubber` has been added. Set the attributes and tags you want to have stripped and keep everything else.
-
-    The documentation for `PermitScrubber` and `TargetScrubber` explains how you can gain complete control over when and how elements should be stripped.
-
-    *Kasper Timm Hansen*
-
 *   Fix that render layout: 'messages/layout' should also be added to the dependency tracker tree.
 
     *DHH*
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 9ea4b2dc0a..1ea00cff22 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,8 +23,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency 'builder',       '~> 3.1'
   s.add_dependency 'erubis',        '~> 2.7.0'
-  s.add_dependency 'rails-dom-testing'
-  s.add_dependency 'rails-html-sanitizer'
+  s.add_dependency 'rails-deprecated_sanitizer'
 
   s.add_development_dependency 'actionpack',  version
   s.add_development_dependency 'activemodel', version
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 2268fe25c1..153c64d691 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -1,6 +1,6 @@
 require 'active_support/core_ext/object/try'
 require 'active_support/deprecation'
-require 'rails-html-sanitizer'
+require 'rails-deprecated_sanitizer'
 
 module ActionView
   # = Action View Sanitize Helpers
@@ -138,9 +138,14 @@ module ActionView
         end
 
         # Vendors the full, link and white list sanitizers.
-        # Strictly for backwards compatibility with html-scanner.
+        # This uses html-scanner for the HTML sanitization.
+        # In the next Rails version this will use Rails::Html::Sanitizer instead.
+        # To get this new behavior now, in your Gemfile, add:
+        #
+        #  gem 'rails-html-sanitizer'
+        #
         def sanitizer_vendor
-          Rails::Html::Sanitizer
+          Rails::DeprecatedSanitizer
         end
 
         def sanitized_allowed_tags