| field | value | date |
|---|---|---|
| author | Timm <kaspth@gmail.com> | 2013-07-10 15:57:01 +0200 |
| committer | Timm <kaspth@gmail.com> | 2014-06-15 23:35:26 +0200 |
| commit | 55b453f2959ee176611732fa22b386916e9a9604 (patch) | |
| tree | 49b675f70abe2253fd9ce92c9d02336a2d793b91 /actionview | |
| parent | 5282518c1333c5509e64082cfba0fe64871d2ffc (diff) | |
| download | rails-55b453f2959ee176611732fa22b386916e9a9604.tar.gz rails-55b453f2959ee176611732fa22b386916e9a9604.tar.bz2 rails-55b453f2959ee176611732fa22b386916e9a9604.zip | |
Added removal of script tags to WhiteListSanitizer.
Diffstat (limited to 'actionview')

| mode | file | changes |
|---|---|---|
| -rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 1 |

1 file changed, 1 insertion, 0 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb index 9d4e5b8e38..8b1e76fec1 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb @@ -49,6 +49,7 @@ module ActionView @permit_scrubber.attributes = options[:attributes] loofah_fragment.scrub!(@permit_scrubber) else + loofah_fragment.xpath("./script").each { |script| script.remove } loofah_fragment.xpath("./form").each { |form| form.remove } loofah_fragment.scrub!(:strip) end |
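Review bot: the added `loofah_fragment.xpath("./script")` only matches `<script>` elements that are direct children of the fragment root (the existing `./form` line has the same limit), so a script nested inside any other element, e.g. `<div><script>alert(1)</script></div>`, is not removed by this line and is left to the following `scrub!(:strip)`, whose handling of the script body (tag stripped, text kept) should be checked rather than assumed. If the intent is to drop every script element and its contents regardless of depth, use `.//script`; if the top-level restriction is deliberate, the two removals can be collapsed into one expression, `loofah_fragment.xpath("./script | ./form").each { |node| node.remove }`, and a test covering the nested case would help, since the diffstat for this commit shows only `sanitizers.rb` changed and no test under actionview.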