authorRafael Mendonça França <rafaelmfranca@gmail.com>2015-03-10 16:05:47 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2015-03-10 16:05:47 -0300
commit2c1f6267f97115ad1c3a4c923922f8c543039681 (patch)
tree192bb0dd0b9f5dba060ee1a8b01d775310b5ad5f /actionview
parent4e7217027f1933d5860ba459b3d23f454272f709 (diff)
parent37695b8aabc1386f21039b16c32541d71f0d4182 (diff)
downloadrails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.gz
rails-2c1f6267f97115ad1c3a4c923922f8c543039681.tar.bz2
rails-2c1f6267f97115ad1c3a4c923922f8c543039681.zip
Merge pull request #19252 from kaspth/single-escaping-strip-tags
Let strip_tags leave HTML escaping to Rails.
Diffstat (limited to 'actionview')
-rw-r--r--actionview/actionview.gemspec2
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper.rb2
-rw-r--r--actionview/test/template/sanitize_helper_test.rb4
3 files changed, 6 insertions, 2 deletions
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 59fb4c0b72..d8ea9d562c 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
s.add_dependency 'builder', '~> 3.1'
s.add_dependency 'erubis', '~> 2.7.0'
- s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.1'
+ s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.2'
s.add_dependency 'rails-dom-testing', '~> 1.0', '>= 1.0.5'
s.add_development_dependency 'actionpack', version
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 463a4e9f60..a2e9f37453 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -99,7 +99,7 @@ module ActionView
# strip_tags("<div id='top-bar'>Welcome to my website!</div>")
# # => Welcome to my website!
def strip_tags(html)
- self.class.full_sanitizer.sanitize(html)
+ self.class.full_sanitizer.sanitize(html, encode_special_chars: false)
end
# Strips all link tags from +html+ leaving just the link text.
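Review bot: The doc comment above `strip_tags` does not say that the return value is no longer entity-encoded, which matters now that `encode_special_chars: false` is passed. After this change the helper relies on the template's own escaping, so a caller that wraps the result in `raw` or calls `.html_safe` on it would emit any remaining `<`, `>` or `&` verbatim. I would add a line such as `# The result is not HTML-escaped; do not mark it html_safe or pass it to raw.` to that comment block, which begins outside this hunk. Whether the sanitizer can return a string already marked safe is not visible here and is worth confirming.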
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index e4be21be2c..efe846a7eb 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
@@ -29,6 +29,10 @@ class SanitizeHelperTest < ActionView::TestCase
assert_equal "", strip_tags("<script>")
end
+ def test_strip_tags_will_not_encode_special_characters
+ assert_equal "test\r\n\r\ntest", strip_tags("test\r\n\r\ntest")
+ end
+
def test_sanitize_is_marked_safe
assert sanitize("<html><script></script></html>").html_safe?
end
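Review bot: `test_strip_tags_will_not_encode_special_characters` only feeds CR/LF, so it does not pin what happens to the characters that actually matter for escaping. A second assertion whose input contains an ampersand and a stray angle bracket would document the new contract. An assertion such as `assert_not strip_tags("a & b").html_safe?` would also guard against the unescaped result being treated as safe markup. The expected values should be checked against rails-html-sanitizer 1.0.2, since its exact output is not visible on this page.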