From 3e4ae8e5a21e1460bf0674211aef8d539c065701 Mon Sep 17 00:00:00 2001
From: Timm
Date: Tue, 2 Jul 2013 21:54:34 +0200
Subject: Reordered form removal with stripping.

---
 .../lib/action_view/helpers/sanitize_helper/sanitizers.rb | 11 +++++++----
 actionview/test/template/sanitize_helper_test.rb | 2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
index cbddf3481c..f70b47f32a 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
@@ -14,9 +14,12 @@ module ActionView
 class LinkSanitizer
 def initialize
 @link_scrubber = Loofah::Scrubber.new do |node|
- next unless node.name == 'a'
- node.before node.children
- node.remove
+ if node.name == 'a'
+ node.before node.children
+ node.remove
+ else
+ Loofah::HTML5::Scrub.scrub_attributes(node)
+ end
 end
 end
@@ -40,8 +43,8 @@ module ActionView
 @permit_scrubber.attributes = options[:attributes]
 loofah_fragment.scrub!(@permit_scrubber)
 else
- loofah_fragment.scrub!(:strip)
 loofah_fragment.xpath("./form").each { |form| form.remove }
+ loofah_fragment.scrub!(:strip)
 end
 loofah_fragment.to_s
 end
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index f7c8f36b78..ab7157eec5 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
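Review bot: The new `else` branch calls `Loofah::HTML5::Scrub.scrub_attributes` on every node that is not an `a` element, which includes text, comment and CDATA nodes that carry no attributes; as far as I recall Loofah's own scrubbers apply it only to element nodes, so the branch is safer written as `elsif node.element?` followed by the scrub call. The block also now does more than the class name suggests, and nothing in the hunk says why attribute scrubbing was folded into a link stripper; a comment on the `else` branch along the lines of `# Other elements are kept, but their attributes go through Loofah's HTML5 attribute scrubbing` would tell the next maintainer this is intentional rather than a leftover. The `LinkSanitizer` class continues outside the hunk.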
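Review bot: `loofah_fragment.xpath("./form")` in the reordered removal matches only `form` elements that are direct children of the fragment, so a form nested inside any other element is not removed by this line, and I do not believe `scrub!(:strip)` removes it either, since `form` is on Loofah's default element whitelist; `loofah_fragment.xpath(".//form").each(&:remove)` would cover nested forms as well. The reason for running the removal before `scrub!(:strip)` is not stated anywhere in the hunk or the commit message, and a one-line comment above the xpath call giving that reason would keep someone from swapping the two lines back. The enclosing method starts outside the hunk.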
@@ -22,7 +22,7 @@ class SanitizeHelperTest < ActionView::TestCase
 def test_should_sanitize_illegal_style_properties
 raw = %(display:block; position:absolute; left:0; top:0; width:100%; height:100%; z-index:1; background-color:black; background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg); background-x:center; background-y:center; background-repeat:repeat;)
- expected = %(display: block; width: 100%; height: 100%; background-color: black; background-image: ; background-x: center; background-y: center;)
+ expected = %(display: block; width: 100%; height: 100%; background-color: black; background-x: center; background-y: center;)
 assert_equal expected, sanitize_css(raw)
 end
-- 
cgit v1.2.3
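Review bot: The changed expectation drops the empty `background-image: ;` declaration from the sanitized CSS, but neither of this commit's hunks in sanitizers.rb touches CSS sanitization and the subject line is about form removal, so the behaviour this test now asserts must come from a change outside this patch. It would be clearer either as its own commit or with the description naming what changed in `sanitize_css`, so that a later bisect does not attribute the CSS change to the form-removal reorder. The test method is complete within the hunk.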