author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-09-03 16:59:58 -0300 |
---|---|---|
committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-09-03 16:59:58 -0300 |
commit | 5db4e7f0ec2957f8641d5af884bd39e31d795597 (patch) | |
tree | f2a7eaba6451aa9ef5cc648421d60f3851493997 /actionview | |
parent | 66c9d31c2b9a58db03668fb0840669e4d4374123 (diff) | |
parent | 28eecd934b91618b1334acce859c26c1a380f51a (diff) | |
Merge pull request #16775 from kaspth/ship-secure-sanitizer
Ship with rails-html-sanitizer instead.
Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/actionview.gemspec | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 11 | ||||
-rw-r--r-- | actionview/test/template/sanitize_helper_test.rb | 2 |
3 files changed, 5 insertions, 10 deletions
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 565c22e1e8..69c8326c51 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
   s.add_dependency 'builder', '~> 3.1'
   s.add_dependency 'erubis', '~> 2.7.0'
-  s.add_dependency 'rails-deprecated_sanitizer', '~> 1.0', '>= 1.0.2'
+  s.add_dependency 'rails-html-sanitizer', '~> 1.0'
   s.add_dependency 'rails-dom-testing', '~> 1.0', '>= 1.0.2'
   s.add_development_dependency 'actionpack', version
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 394250f058..4f2db0a0c4 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -1,6 +1,6 @@
 require 'active_support/core_ext/object/try'
 require 'active_support/deprecation'
-require 'rails-deprecated_sanitizer'
+require 'rails-html-sanitizer'
 module ActionView
   # = Action View Sanitize Helpers
@@ -122,14 +122,9 @@ module ActionView
         attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer
         # Vendors the full, link and white list sanitizers.
-        # This uses html-scanner for the HTML sanitization.
-        # In the next Rails version this will use Rails::Html::Sanitizer instead.
-        # To get this new behavior now, in your Gemfile, add:
-        #
-        # gem 'rails-html-sanitizer'
-        #
+        # Provided strictly for compabitility and can be removed in Rails 5.
         def sanitizer_vendor
-          Rails::DeprecatedSanitizer
+          Rails::Html::Sanitizer
         end
         def sanitized_allowed_tags
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index a27258a870..e4be21be2c 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
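Review bot: The new `s.add_dependency 'rails-html-sanitizer', '~> 1.0'` line carries no minimum patch release, unlike the neighbouring `rails-dom-testing` line and the `rails-deprecated_sanitizer` line it replaces, which both pin `'>= 1.0.2'`. This gem is now the HTML/CSS sanitization boundary behind the `sanitize` helpers, so a bare pessimistic constraint lets bundler resolve any 1.x release, including the very first one, on a fresh install. Once a patched 1.0.x exists the floor should be raised to match its siblings, e.g. `s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= <patched-release>'` (placeholder for the fixed version). The Gem::Specification block continues outside the hunk.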
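Review bot: The new comment above `def sanitizer_vendor` misspells "compabitility" and, unlike the six lines it replaces, no longer says what the method now returns; suggest `# Vendors the full, link and white list sanitizers from Rails::Html::Sanitizer.` followed by `# Kept only for compatibility with callers of sanitizer_vendor; can be removed in Rails 5.`. The `attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer` line just above still lets an application substitute its own sanitizer objects, and presumably those must now satisfy the Rails::Html::Sanitizer interface rather than the html-scanner one, which the comment or the changelog should state since the helpers' output depends on whatever is assigned there. The first hunk of this file keeps `require 'active_support/deprecation'` after dropping the deprecated sanitizer; if nothing else in the file uses it, that require can go too. The enclosing module and the `sanitized_allowed_tags` method continue outside the hunk.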
@@ -18,7 +18,7 @@ class SanitizeHelperTest < ActionView::TestCase
   def test_should_sanitize_illegal_style_properties
     raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
-    expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;)
+    expected = %(display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;)
     assert_equal expected, sanitize_css(raw)
   end
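Review bot: The updated `expected` string drops `background-image: ;` entirely, so the test now encodes that a declaration whose value (the `url(...)` in `raw`) is scrubbed is removed rather than left with an empty value, but nothing in the test says why the expectation changed. Suggest a comment above the assertion, `# rails-html-sanitizer drops a declaration whose value is fully scrubbed instead of leaving it empty`, so the next person editing the expected string does not take the missing key for a typo. The test class continues outside the hunk.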