[Git][noosfero/noosfero][cherry-pick-e7204f47] Merge branch 'sanitize-link' into 'master'
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Oct 28 16:31:10 BRST 2016
Rodrigo Souto pushed to branch cherry-pick-e7204f47 at Noosfero / noosfero
Commits:
d38d234e by Rodrigo Souto at 2016-10-28T18:30:55+00:00
Merge branch 'sanitize-link' into 'master'
sanitize_link: use tags/attributes instead of scrubbers
See merge request !1037
- - - - -
2 changed files:
- app/helpers/sanitize_helper.rb
- + test/unit/sanitize_helper_test.rb
Changes:
=====================================
app/helpers/sanitize_helper.rb
=====================================
--- a/app/helpers/sanitize_helper.rb
+++ b/app/helpers/sanitize_helper.rb
@@ -5,11 +5,19 @@ module SanitizeHelper
end
def sanitize_link(text)
- sanitizer(:white_list).sanitize(text, scrubber:permit_scrubber)
+ sanitizer(:white_list).sanitize(text, tags: allowed_tags, attributes: allowed_attributes)
end
protected
+ def allowed_tags
+ Rails.application.config.action_view.sanitized_allowed_tags
+ end
+
+ def allowed_attributes
+ Rails.application.config.action_view.sanitized_allowed_attributes
+ end
+
def permit_scrubber
scrubber = Rails::Html::PermitScrubber.new
scrubber.tags = Rails.application.config.action_view.sanitized_allowed_tags
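Review bot: permit_scrubber is left defined under protected, but its only visible caller, the old sanitize_link line, is removed here. If nothing else in the module uses it, delete it in this change, since it now duplicates the sanitized_allowed_tags lookup that allowed_tags performs and leaves two places to keep in sync. It would also help to add a short comment on sanitize_link saying that the allow-lists come from config.action_view, so readers know where to look when a tag or attribute is unexpectedly stripped.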
=====================================
test/unit/sanitize_helper_test.rb
=====================================
--- /dev/null
+++ b/test/unit/sanitize_helper_test.rb
@@ -0,0 +1,10 @@
+require_relative "../test_helper"
+
+class SanitizeHelperTest < ActionView::TestCase
+
+ should 'permit white_list attributes on links' do
+ allowed_attributes.each do |attribute|
+ assert_match /#{attribute}/, sanitize_link("<a #{attribute.to_sym}='value' />")
+ end
+ end
+end
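Review bot: the test covers only the permissive direction, so a sanitize_link that stripped nothing would still pass. Add a case asserting that an attribute and a tag outside the allow-list are removed from the output. The positive assertion is also loose: assert_match /#{attribute}/ matches the attribute name anywhere in the result, so matching on the attribute together with its value (for example /#{attribute}=.value/) would be tighter. The loop passes vacuously if allowed_attributes is empty or unset, so assert that the list is non-empty first. The .to_sym inside the string interpolation has no effect and can be dropped.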
View it on GitLab: https://gitlab.com/noosfero/noosfero/commit/d38d234e768d76d910fbe74a5bc91cec103c657a