-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 2 | ||||
-rw-r--r-- | actionview/test/template/sanitizers_test.rb | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 01ab9830f3..75ba1a7deb 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -13,7 +13,7 @@ module ActionView
 def remove_xpaths(html, xpaths)
 if html.respond_to?(:xpath)
- xpaths.each { |xpath| html.xpath(xpath).remove }
+ html.xpath(*xpaths).remove
 html
 else
 remove_xpaths(Loofah.fragment(html), xpaths).to_s
diff --git a/actionview/test/template/sanitizers_test.rb b/actionview/test/template/sanitizers_test.rb
index 6769c765fa..bd5b25a305 100644
--- a/actionview/test/template/sanitizers_test.rb
+++ b/actionview/test/template/sanitizers_test.rb
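Review bot: The single call `html.xpath(*xpaths).remove` in `remove_xpaths` (sanitizers.rb) selects nodes for every expression before any node is removed, whereas the replaced `each` loop evaluated each expression against the tree as left by the previous removals. Assuming Nokogiri's multi-path `xpath` collects all matches first, an expression that depends on an earlier removal (for instance one matching elements that only become empty afterwards) no longer matches, and in a sanitizer that means markup can stay in place that the old code stripped. If order-independence is intended, state it next to the call, e.g. `# All xpaths are evaluated against the original tree; expressions must not rely on earlier removals.` The method body continues past the end of this hunk.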
@@ -23,23 +23,26 @@ class SanitizersTest < ActionController::TestCase
 assert_equal %(<section><header></header><p>hello </p></section>), sanitizer.remove_xpaths(html, %w(.//script))
 end
- def test_remove_xpaths_not_enumerable_xpaths_parameter
+ def test_remove_xpaths_called_with_faulty_xpath
 sanitizer = ActionView::Sanitizer.new
- assert_raises NoMethodError do
- sanitizer.remove_xpaths('<h1>hello<h1>', './not_enumerable')
+ assert_raises Nokogiri::XML::XPath::SyntaxError do
+ sanitizer.remove_xpaths('<h1>hello<h1>', %w(..faulty_xpath))
 end
 end
- def test_remove_xpaths_faulty_xpath
+ def test_remove_xpaths_called_with_xpath_string
 sanitizer = ActionView::Sanitizer.new
- assert_raises Nokogiri::XML::XPath::SyntaxError do
- sanitizer.remove_xpaths('<h1>hello<h1>', %w(..faulty_xpath))
- end
+ assert_equal '', sanitizer.remove_xpaths('<a></a>', './/a')
+ end
+
+ def test_remove_xpaths_called_with_enumerable_xpaths
+ sanitizer = ActionView::Sanitizer.new
+ assert_equal '', sanitizer.remove_xpaths('<a><span></span></a>', %w(.//a .//span))
 end
 def test_remove_xpaths_called_with_string_returns_string
 sanitizer = ActionView::Sanitizer.new
- assert '<a></a>', sanitizer.remove_xpaths('<a></a>', [])
+ assert_equal '<a></a>', sanitizer.remove_xpaths('<a></a>', [])
 end
 def test_remove_xpaths_called_with_fragment_returns_fragment |
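Review bot: `test_remove_xpaths_called_with_enumerable_xpaths` cannot fail when only the first expression is applied, because `<span>` is nested inside `<a>` and removing `.//a` alone already yields `''`. Use sibling elements so that each expression has to match on its own: `assert_equal '', sanitizer.remove_xpaths('<a></a><span></span>', %w(.//a .//span))`. With the `NoMethodError` test removed there is also no case left for a non-String, non-Enumerable argument such as `nil`; that is worth a test if callers can pass one, which is not visible from this hunk.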