Diffstat (limited to 'actionview/lib/action_view')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index 8b1e76fec1..187d0ffbfa 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -49,8 +49,7 @@ module ActionView
@permit_scrubber.attributes = options[:attributes]
loofah_fragment.scrub!(@permit_scrubber)
else
- loofah_fragment.xpath("./script").each { |script| script.remove }
- loofah_fragment.xpath("./form").each { |form| form.remove }
+ remove_xpaths(loofah_fragment, %w(./script ./form))
loofah_fragment.scrub!(:strip)
end
loofah_fragment.to_s
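Review bot: The new call passes `%w(./script ./form)` as one array argument, but `remove_xpaths` in the next hunk takes a splat (`*xpaths`), so `xpaths` becomes a one-element array and `html.xpath` receives an Array once instead of one path string per iteration. How Nokogiri treats an Array argument is not visible here and should be checked. If it matches nothing, top-level `<script>` and `<form>` subtrees are no longer removed before `scrub!(:strip)`, which strips the tags but leaves their text content in the sanitized output. Either splat at the call site, `remove_xpaths(loofah_fragment, *%w(./script ./form))`, or declare the parameter as plain `xpaths`. A regression test asserting that script body text is absent from the result would pin the behaviour.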
@@ -60,6 +59,13 @@ module ActionView
Loofah::HTML5::Scrub.scrub_css style_string
end
+ def remove_xpaths(html, *xpaths)
+ html = Loofah.fragment(html) unless html.is_a? Nokogiri::XML::DocumentFragment
+ xpaths.each do |xpath|
+ html.xpath(xpath).each { |subtree| subtree.remove }
+ end
+ end
+
def protocol_separator
self.class.protocol_separator
end
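Review bot: When `html` is a String, `remove_xpaths` parses it into a fragment held only in the local variable and then returns the value of `xpaths.each` (the xpaths array), so the pruned fragment is thrown away and a string caller gets nothing usable back. Ending the method with a bare `html` line would return the pruned fragment in both cases. A short comment above the method should state the accepted input types and the return value, for example `# Removes every subtree matching the given XPaths; accepts a String or a fragment and returns the pruned fragment.` Whether the method sits under a `private` section is not visible in this hunk; since it changes sanitizer output, its visibility is worth confirming.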