diff options
Diffstat (limited to 'actionview/lib')
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb index 9d4e5b8e38..8b1e76fec1 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb @@ -49,6 +49,7 @@ module ActionView @permit_scrubber.attributes = options[:attributes] loofah_fragment.scrub!(@permit_scrubber) else + loofah_fragment.xpath("./script").each { |script| script.remove } loofah_fragment.xpath("./form").each { |form| form.remove } loofah_fragment.scrub!(:strip) end |