From 67b42cb4aa008198e2c22b84b063aa1eb082036d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Mon, 1 Sep 2014 23:26:10 -0300 Subject: Move implementation to the gems Now we keep only the common code and move the specific code to the gems --- .../lib/action_view/helpers/sanitize_helper.rb | 32 +++++++--------------- 1 file changed, 10 insertions(+), 22 deletions(-) (limited to 'actionview/lib/action_view/helpers/sanitize_helper.rb') diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index dfbc52e3ac..394250f058 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -121,22 +121,6 @@ module ActionView module ClassMethods #:nodoc: attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer - [:protocol_separator, - :uri_attributes, - :bad_tags, - :allowed_css_properties, - :allowed_css_keywords, - :shorthand_css_properties, - :allowed_protocols].each do |meth| - meth_name = "sanitized_#{meth}" - imp = lambda do |name| - ActiveSupport::Deprecation.warn("#{name} is deprecated and has no effect.") - end - - define_method(meth_name) { imp.(meth_name) } - define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") } - end - # Vendors the full, link and white list sanitizers. # This uses html-scanner for the HTML sanitization. # In the next Rails version this will use Rails::Html::Sanitizer instead. @@ -189,25 +173,29 @@ module ActionView @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new end + ## + # :method: sanitized_allowed_tags= + # + # :call-seq: sanitized_allowed_tags=(tags) + # # Replaces the allowed tags for the +sanitize+ helper. # # class Application < Rails::Application # config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' # end # - def sanitized_allowed_tags=(tags) - sanitizer_vendor.white_list_sanitizer.allowed_tags = tags - end + ## + # :method: sanitized_allowed_attributes= + # + # :call-seq: sanitized_allowed_attributes=(attributes) + # # Replaces the allowed HTML attributes for the +sanitize+ helper. # # class Application < Rails::Application # config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc'] # end # - def sanitized_allowed_attributes=(attributes) - sanitizer_vendor.white_list_sanitizer.allowed_attributes = attributes - end end end end -- cgit v1.2.3 From 28eecd934b91618b1334acce859c26c1a380f51a Mon Sep 17 00:00:00 2001 From: Kasper Timm Hansen Date: Tue, 2 Sep 2014 21:07:41 +0200 Subject: Ship with rails-html-sanitizer instead. --- actionview/lib/action_view/helpers/sanitize_helper.rb | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) (limited to 'actionview/lib/action_view/helpers/sanitize_helper.rb') diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index 394250f058..4f2db0a0c4 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -1,6 +1,6 @@ require 'active_support/core_ext/object/try' require 'active_support/deprecation' -require 'rails-deprecated_sanitizer' +require 'rails-html-sanitizer' module ActionView # = Action View Sanitize Helpers @@ -122,14 +122,9 @@ module ActionView attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer # Vendors the full, link and white list sanitizers. - # This uses html-scanner for the HTML sanitization. - # In the next Rails version this will use Rails::Html::Sanitizer instead. - # To get this new behavior now, in your Gemfile, add: - # - # gem 'rails-html-sanitizer' - # + # Provided strictly for compabitility and can be removed in Rails 5. def sanitizer_vendor - Rails::DeprecatedSanitizer + Rails::Html::Sanitizer end def sanitized_allowed_tags -- cgit v1.2.3