Diffstat (limited to 'guides/source/upgrading_ruby_on_rails.md')
-rw-r--r-- guides/source/upgrading_ruby_on_rails.md 19
1 files changed, 8 insertions, 11 deletions
diff --git a/guides/source/upgrading_ruby_on_rails.md b/guides/source/upgrading_ruby_on_rails.md
index 4e538693f7..7cc176cdcc 100644
--- a/guides/source/upgrading_ruby_on_rails.md
+++ b/guides/source/upgrading_ruby_on_rails.md
@@ -28,7 +28,7 @@ TIP: Ruby 1.8.7 p248 and p249 have marshaling bugs that crash Rails. Ruby Enterp
Rails provides the `rails:update` rake task. After updating the Rails version
in the Gemfile, run this rake task.
-This will help you with the creation of new files and changes of old files in a
+This will help you with the creation of new files and changes of old files in an
interactive session.
```bash
@@ -111,7 +111,7 @@ Record callbacks.
When you define a `after_rollback` or `after_commit` callback, you
will receive a deprecation warning about this upcoming change. When
-you are ready, you can opt into the new behvaior and remove the
+you are ready, you can opt into the new behavior and remove the
deprecation warning by adding following configuration to your
`config/application.rb`:
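Review bot: Two grammar slips remain in the context lines around the "behavior" fix: "When you define a `after_rollback`" should read "an `after_rollback`", and "by adding following configuration" is missing "the". The commit already touches this paragraph for spelling, so correct both in the same change.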
@@ -186,15 +186,6 @@ venerable html-scanner approach is now officially being deprecated in favor of
This means the methods `sanitize`, `sanitize_css`, `strip_tags` and
`strip_links` are backed by a new implementation.
-In the next major Rails version `Rails Html Sanitizer` will be the default
-sanitizer. It already is for new applications.
-
-Include this in your Gemfile to try it out today:
-
-```ruby
-gem 'rails-html-sanitizer'
-```
-
This new sanitizer uses [Loofah](https://github.com/flavorjones/loofah) internally. Loofah in turn uses Nokogiri, which
wraps XML parsers written in both C and Java, so sanitization should be faster
no matter which Ruby version you run.
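Review bot: After the removal, this section no longer says whether the new sanitizer is the default for an application being upgraded; the text jumps from "backed by a new implementation" straight to the Loofah description. If `rails-html-sanitizer` is now the default, state that explicitly in place of the removed paragraph, and prompt readers to re-test views that depend on `sanitize`, `sanitize_css`, `strip_tags` and `strip_links`, since those helpers now run through different code.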
@@ -209,6 +200,12 @@ Read the [gem's readme](https://github.com/rails/rails-html-sanitizer) for more
The documentation for `PermitScrubber` and `TargetScrubber` explains how you
can gain complete control over when and how elements should be stripped.
+If your application needs to old behaviour include `rails-deprecated_sanitizer` in your Gemfile:
+
+```ruby
+gem 'rails-deprecated_sanitizer'
+```
+
### Rails DOM Testing
TODO: Mention https://github.com/rails/rails/commit/4e97d7585a2f4788b9eed98c6cdaf4bb6f2cf5ce
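Review bot: The added sentence "If your application needs to old behaviour include ..." has a typo ("to old" for "the old"), is missing a comma before "include", and spells "behaviour" where the second hunk of this same patch settles on "behavior". Suggested wording: "If your application needs the old behavior, include `rails-deprecated_sanitizer` in your Gemfile:". It would also help to note that this gem is a transitional fallback, given that the section above describes the html-scanner approach as officially deprecated.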