Added removal of script tags to WhiteListSanitizer.

author: Timm <kaspth@gmail.com> 2013-07-10 15:57:01 +0200
committer: Timm <kaspth@gmail.com> 2014-06-15 23:35:26 +0200
commit: 55b453f2959ee176611732fa22b386916e9a9604 (patch)
tree: 49b675f70abe2253fd9ce92c9d02336a2d793b91 /actionview
parent: 5282518c1333c5509e64082cfba0fe64871d2ffc (diff)
download: rails-55b453f2959ee176611732fa22b386916e9a9604.tar.gz
rails-55b453f2959ee176611732fa22b386916e9a9604.tar.bz2
rails-55b453f2959ee176611732fa22b386916e9a9604.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 9d4e5b8e38..8b1e76fec1 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -49,6 +49,7 @@ module ActionView
         @permit_scrubber.attributes = options[:attributes]
         loofah_fragment.scrub!(@permit_scrubber)
       else
+        loofah_fragment.xpath("./script").each { |script| script.remove }
         loofah_fragment.xpath("./form").each { |form| form.remove }
         loofah_fragment.scrub!(:strip)
       end
author	Timm <kaspth@gmail.com>	2013-07-10 15:57:01 +0200
committer	Timm <kaspth@gmail.com>	2014-06-15 23:35:26 +0200
commit	55b453f2959ee176611732fa22b386916e9a9604 (patch)
tree	49b675f70abe2253fd9ce92c9d02336a2d793b91 /actionview
parent	5282518c1333c5509e64082cfba0fe64871d2ffc (diff)
download	rails-55b453f2959ee176611732fa22b386916e9a9604.tar.gz rails-55b453f2959ee176611732fa22b386916e9a9604.tar.bz2 rails-55b453f2959ee176611732fa22b386916e9a9604.zip