kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Merge PR #39587

Browse source 
Closes #39587.
This commit is contained in:
Rafael Mendonça França 2020-12-08 22:33:39 +00:00
commit 04a0c52cea
No known key found for this signature in database
GPG key ID: FC23B6D0F1EEE948
2 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
actionview/lib/action_view/helpers/sanitize_helper.rb
View file

@ -129,11 +129,11 @@ module ActionView
end
def sanitized_allowed_tags
safe_list_sanitizer.allowed_tags
sanitizer_vendor.safe_list_sanitizer.allowed_tags
end
def sanitized_allowed_attributes
safe_list_sanitizer.allowed_attributes
sanitizer_vendor.safe_list_sanitizer.allowed_attributes
end
# Gets the Rails::Html::FullSanitizer instance used by +strip_tags+. Replace with

13
actionview/test/template/sanitize_helper_test.rb
View file

@ -40,4 +40,17 @@ class SanitizeHelperTest < ActionView::TestCase
def test_sanitize_is_marked_safe
assert_predicate sanitize("<html><script></script></html>"), :html_safe?
end
def test_sanitized_allowed_tags_class_method
expected = Set.new(["strong", "em", "b", "i", "p", "code", "pre", "tt", "samp", "kbd", "var",
"sub", "sup", "dfn", "cite", "big", "small", "address", "hr", "br", "div", "span", "h1", "h2",
"h3", "h4", "h5", "h6", "ul", "ol", "li", "dl", "dt", "dd", "abbr", "acronym", "a", "img",
"blockquote", "del", "ins"])
assert_equal(expected, self.class.sanitized_allowed_tags)
end
def test_sanitized_allowed_attributes_class_method
expected = Set.new(["href", "src", "width", "height", "alt", "cite", "datetime", "title", "class", "name", "xml:lang", "abbr"])
assert_equal(expected, self.class.sanitized_allowed_attributes)
end
end