Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/actionview.gemspec | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 2 | ||||
-rw-r--r-- | actionview/test/template/sanitize_helper_test.rb | 4 |
3 files changed, 6 insertions, 2 deletions
diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
index 59fb4c0b72..d8ea9d562c 100644
--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@@ -23,7 +23,7 @@ Gem::Specification.new do |s|
 s.add_dependency 'builder', '~> 3.1'
 s.add_dependency 'erubis', '~> 2.7.0'
- s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.1'
+ s.add_dependency 'rails-html-sanitizer', '~> 1.0', '>= 1.0.2'
 s.add_dependency 'rails-dom-testing', '~> 1.0', '>= 1.0.5'
 s.add_development_dependency 'actionpack', version
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 463a4e9f60..a2e9f37453 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -99,7 +99,7 @@ module ActionView
 # strip_tags("<div id='top-bar'>Welcome to my website!</div>")
 # # => Welcome to my website!
 def strip_tags(html)
- self.class.full_sanitizer.sanitize(html)
+ self.class.full_sanitizer.sanitize(html, encode_special_chars: false)
 end
 # Strips all link tags from +html+ leaving just the link text.
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index e4be21be2c..efe846a7eb 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
@@ -29,6 +29,10 @@ class SanitizeHelperTest < ActionView::TestCase
 assert_equal "", strip_tags("<script>")
 end
+ def test_strip_tags_will_not_encode_special_characters
+ assert_equal "test\r\n\r\ntest", strip_tags("test\r\n\r\ntest")
+ end
+
 def test_sanitize_is_marked_safe
 assert sanitize("<html><script></script></html>").html_safe?
 end |
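Review bot: The doc comment above `strip_tags` in sanitize_helper.rb is not updated for the new `encode_special_chars: false` argument, so callers cannot tell that the returned text is no longer entity-encoded. With encoding off, entity-encoded markup in the input (for example `&lt;b&gt;`) presumably comes back as literal angle brackets; that depends on rails-html-sanitizer, which is not shown here, so confirm it. I would add a comment line such as `# The result is not entity-encoded; escape it before rendering it as HTML or marking it html_safe.` The comment block for `strip_tags` starts above the hunk.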
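Review bot: `test_strip_tags_will_not_encode_special_characters` in sanitize_helper_test.rb asserts only that CR/LF pass through, so the name promises more than the test pins. Nothing covers `&`, `<`, `>` or quotes, which are the characters an encoder would actually rewrite. Add a case for a bare ampersand, e.g. `assert_equal "a & b", strip_tags("a & b")` if that is the intended contract, and one for entity-encoded markup in the input so the output for that case is a recorded decision rather than a side effect. The expected values depend on rails-html-sanitizer >= 1.0.2, which is not visible here.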