From 52f0b050e25cac6d9571d71c9f74ea583d8aa2b0 Mon Sep 17 00:00:00 2001
From: Juanito Fatas
Date: Tue, 14 May 2019 13:09:39 +0900
Subject: Update sanitizer in ActionView::Helpers::SanitizeHelper
- The sanitizer has been changed to safe_list_sanitizer.
- deprecate white_list_sanitizer
---
 actiontext/app/helpers/action_text/content_helper.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'actiontext/app')
diff --git a/actiontext/app/helpers/action_text/content_helper.rb b/actiontext/app/helpers/action_text/content_helper.rb
index ed2887d865..1e05f572f7 100644
--- a/actiontext/app/helpers/action_text/content_helper.rb
+++ b/actiontext/app/helpers/action_text/content_helper.rb
@@ -4,7 +4,7 @@ require "rails-html-sanitizer"

 module ActionText
 module ContentHelper
- mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.white_list_sanitizer.new }
+ mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.safe_list_sanitizer.new }
 mattr_accessor(:allowed_tags) { sanitizer.class.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] }
 mattr_accessor(:allowed_attributes) { sanitizer.class.allowed_attributes + ActionText::Attachment::ATTRIBUTES }
 mattr_accessor(:scrubber)
-- 
cgit v1.2.3
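Review bot: The new default on the `mattr_accessor(:sanitizer)` line depends on `Rails::Html::Sanitizer.safe_list_sanitizer`, which only exists in rails-html-sanitizer releases that ship the renamed method. The block default appears to be evaluated when `ContentHelper` is loaded, so an older resolved gem would raise NoMethodError at load time rather than degrade gracefully. This view is limited to `actiontext/app`, so the dependency constraint is not visible here; please confirm the minimum rails-html-sanitizer version was raised alongside this change. Since this object is the HTML filter for rendered rich text, a regression test that pins `allowed_tags` and `allowed_attributes` before and after the switch would show the allowlist is unchanged. `ContentHelper` continues past the end of the hunk, so how `sanitizer` is used at render time is not visible here.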