| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
- The sanitizer has been changed to safe_list_sanitizer.
- deprecate white_list_sanitizer
|
|
|
|
|
|
| |
In most cases it works now without explicit require because it's accidentally required through
active_support/core_ext/date_and_time/calculations.rb where we still call `try`,
but that would stop working if we changed the Calculations implementation and remove the require call there.
|
|
|
|
|
| |
- Allow configuring the sanitizer and its options
- Split attachment rendering and sanitizing helpers so each can be overridden by applications
|
|
|
|
|
|
|
|
|
|
|
| |
If the [`action_text.helper` initializer][0] runs after
`ActionController::Base` has been loaded, but before the
`rails-html-sanitizer` gem has been `require`d, then the reference to
the constant `Rails::Html` in the body of the
`ActionText::ContentHelper` module raises an `uninitialized constant`
exception.
[0]: https://github.com/rails/rails/blob/21703382393c87212c27c988420ee5c133c1aa9f/actiontext/lib/action_text/engine.rb#L31-L35
|
|
|
|
| |
placeholder option set to true
|
|
|
|
| |
Use `+` instead of backquote.
|
|
|