[Git][noosfero/noosfero][master] 2 commits: sanitize_link: use tags/attributes instead of scrubbs
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Oct 28 16:08:38 BRST 2016
Rodrigo Souto pushed to branch master at Noosfero / noosfero
Commits:
38e11dd0 by Rodrigo Souto at 2016-10-27T16:36:47-03:00
sanitize_link: use tags/attributes instead of scrubbs
- - - - -
e7204f47 by Rodrigo Souto at 2016-10-28T18:08:04+00:00
Merge branch 'sanitize-link' into 'master'
sanitize_link: use tags/attributes instead of scrubbs
See merge request !1037
- - - - -
2 changed files:
- app/helpers/sanitize_helper.rb
- + test/unit/sanitize_helper_test.rb
Changes:
=====================================
app/helpers/sanitize_helper.rb
=====================================
--- a/app/helpers/sanitize_helper.rb
+++ b/app/helpers/sanitize_helper.rb
@@ -5,11 +5,19 @@ module SanitizeHelper
end
def sanitize_link(text)
- sanitizer(:white_list).sanitize(text, scrubber:permit_scrubber)
+ sanitizer(:white_list).sanitize(text, tags: allowed_tags, attributes: allowed_attributes)
end
protected
+ def allowed_tags
+ Rails.application.config.action_view.sanitized_allowed_tags
+ end
+
+ def allowed_attributes
+ Rails.application.config.action_view.sanitized_allowed_attributes
+ end
+
def permit_scrubber
scrubber = Rails::Html::PermitScrubber.new
scrubber.tags = Rails.application.config.action_view.sanitized_allowed_tags
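Review bot: permit_scrubber is still defined in the trailing context of this hunk although sanitize_link no longer calls it. If nothing else in the helper uses it, remove it in this commit so the allow-list is defined in one place only; two parallel definitions of what is permitted tend to drift apart. The new allowed_tags and allowed_attributes return the Rails.application.config.action_view settings directly, so sanitize_link passes nil for tags: and attributes: when those settings are unset. A one-line comment stating the behaviour expected in that case would help. The commit message should also say why the scrubber was replaced, since the diff alone does not show which behaviour was wrong.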
=====================================
test/unit/sanitize_helper_test.rb
=====================================
--- /dev/null
+++ b/test/unit/sanitize_helper_test.rb
@@ -0,0 +1,10 @@
+require_relative "../test_helper"
+
+class SanitizeHelperTest < ActionView::TestCase
+
+ should 'permit white_list attributes on links' do
+ allowed_attributes.each do |attribute|
+ assert_match /#{attribute}/, sanitize_link("<a #{attribute.to_sym}='value' />")
+ end
+ end
+end
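Review bot: the only assertion here, assert_match /#{attribute}/ inside the allowed_attributes loop, covers the permit path but not the strip path, which is the one that matters for a sanitizer. Add a case asserting that an attribute outside allowed_attributes, and a tag outside allowed_tags, are absent from the sanitize_link output, so a later change that loosens the list fails the suite. The match is also loose: it passes if the attribute name appears anywhere in the output, and the name is interpolated into the regexp unescaped. Matching on the attribute together with its value ('value') via Regexp.escape would pin down that the attribute itself survived. The .to_sym in "<a #{attribute.to_sym}='value' />" has no effect inside string interpolation and can be dropped.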
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/9e05ff8348d46ce67673bd06614dcc779acacecf...e7204f479362c2ebebedc493787bda8826ff5b9a