[Git][noosfero/noosfero][stable-1.6] 2 commits: Merge branch 'sanitize-link' into 'master'
Rodrigo Souto
gitlab at mg.gitlab.com
Fri Oct 28 16:51:46 BRST 2016
Rodrigo Souto pushed to branch stable-1.6 at Noosfero / noosfero
Commits:
d38d234e by Rodrigo Souto at 2016-10-28T18:30:55+00:00
Merge branch 'sanitize-link' into 'master'
sanitize_link: use tags/attributes instead of scrubbs
See merge request !1037
- - - - -
6beaf0d6 by Rodrigo Souto at 2016-10-28T18:51:35+00:00
Merge branch 'cherry-pick-e7204f47' into 'stable-1.6'
Merge branch 'sanitize-link' into 'master'
sanitize_link: use tags/attributes instead of scrubbs
See merge request !1037
See merge request !1039
- - - - -
2 changed files:
- app/helpers/sanitize_helper.rb
- + test/unit/sanitize_helper_test.rb
Changes:
=====================================
app/helpers/sanitize_helper.rb
=====================================
--- a/app/helpers/sanitize_helper.rb
+++ b/app/helpers/sanitize_helper.rb
@@ -5,11 +5,19 @@ module SanitizeHelper
end
def sanitize_link(text)
- sanitizer(:white_list).sanitize(text, scrubber:permit_scrubber)
+ sanitizer(:white_list).sanitize(text, tags: allowed_tags, attributes: allowed_attributes)
end
protected
+ def allowed_tags
+ Rails.application.config.action_view.sanitized_allowed_tags
+ end
+
+ def allowed_attributes
+ Rails.application.config.action_view.sanitized_allowed_attributes
+ end
+
def permit_scrubber
scrubber = Rails::Html::PermitScrubber.new
scrubber.tags = Rails.application.config.action_view.sanitized_allowed_tags
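Review bot: permit_scrubber is still defined in the trailing context of this hunk, but sanitize_link no longer passes scrubber: to sanitize, so unless another caller uses it the method is now dead code and should be removed in the same change. If it has to stay, have it read scrubber.tags from the new allowed_tags method so the whitelist lookup on Rails.application.config.action_view lives in one place. A one-line comment on sanitize_link explaining why tags:/attributes: replaces the scrubber would also help, since the commit message does not give the reason.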
=====================================
test/unit/sanitize_helper_test.rb
=====================================
--- /dev/null
+++ b/test/unit/sanitize_helper_test.rb
@@ -0,0 +1,10 @@
+require_relative "../test_helper"
+
+class SanitizeHelperTest < ActionView::TestCase
+
+ should 'permit white_list attributes on links' do
+ allowed_attributes.each do |attribute|
+ assert_match /#{attribute}/, sanitize_link("<a #{attribute.to_sym}='value' />")
+ end
+ end
+end
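Review bot: the new test covers only the permit side; nothing asserts that sanitize_link removes an attribute or tag that is not in the whitelist, which is the property this helper exists to enforce. Add a second case that passes an attribute absent from allowed_attributes and asserts that it does not appear in the output. The existing assertion is also loose: assert_match /#{attribute}/ matches the name anywhere in the result and interpolates it unescaped, so matching the rendered attribute together with its value, with the name passed through Regexp.escape, would be tighter. The to_sym inside the string interpolation has no effect and can be dropped.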
View it on GitLab: https://gitlab.com/noosfero/noosfero/compare/5f8cdba9fd83a634ce9d591fd37c57aaff87d23f...6beaf0d6059d48fe09043a202fa7c6eb5ddb32cc