From a911dd0e08f625bf5931d382d72a4a1703ccb75b Mon Sep 17 00:00:00 2001
From: Taufiq Muhammadi
Date: Wed, 10 Jun 2020 12:30:06 +0700
Subject: [PATCH] Call class method since sanitizer's instance method is private and add tests revert back to earlier version that call class method of class returned by #sanitizer_vendor.safe_list_sanitizer
---
 .../lib/action_view/helpers/sanitize_helper.rb | 4 ++--
 actionview/test/template/sanitize_helper_test.rb | 13 +++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 8724e04d56..3035c320f3 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -129,11 +129,11 @@ module ActionView
 end
 def sanitized_allowed_tags
- safe_list_sanitizer.allowed_tags
+ sanitizer_vendor.safe_list_sanitizer.allowed_tags
 end
 def sanitized_allowed_attributes
- safe_list_sanitizer.allowed_attributes
+ sanitizer_vendor.safe_list_sanitizer.allowed_attributes
 end
 # Gets the Rails::Html::FullSanitizer instance used by +strip_tags+. Replace with
diff --git a/actionview/test/template/sanitize_helper_test.rb b/actionview/test/template/sanitize_helper_test.rb
index 181f09ab65..4a2a21996b 100644
--- a/actionview/test/template/sanitize_helper_test.rb
+++ b/actionview/test/template/sanitize_helper_test.rb
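Review bot: `sanitized_allowed_tags` and `sanitized_allowed_attributes` now answer from the vendor class reached through `sanitizer_vendor.safe_list_sanitizer`, i.e. the class-wide default allow-lists rather than any sanitizer instance the helper may be using, and neither method documents that while the accessor on the hunk's last context line carries a doc comment. If the vendor hands out its allow-lists as live Sets (the new test compares the result to a `Set`), a caller that mutates the returned value would silently widen or narrow what `sanitize` enforces for the whole process, which a reader of these two one-liners cannot see. Suggested comment above `sanitized_allowed_tags`: `# Default allowed tags of the vendor's safe list sanitizer class, not of a sanitizer instance configured on this helper; treat the returned collection as read-only.` with the matching sentence above `sanitized_allowed_attributes`. The enclosing module body starts and ends outside the hunk.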
@@ -40,4 +40,17 @@ class SanitizeHelperTest < ActionView::TestCase
 def test_sanitize_is_marked_safe
 assert_predicate sanitize(""), :html_safe?
 end
+
+ def test_sanitized_allowed_tags_class_method
+ expected = Set.new(["strong", "em", "b", "i", "p", "code", "pre", "tt", "samp", "kbd", "var",
+ "sub", "sup", "dfn", "cite", "big", "small", "address", "hr", "br", "div", "span", "h1", "h2",
+ "h3", "h4", "h5", "h6", "ul", "ol", "li", "dl", "dt", "dd", "abbr", "acronym", "a", "img",
+ "blockquote", "del", "ins"])
+ assert_equal(expected, self.class.sanitized_allowed_tags)
+ end
+
+ def test_sanitized_allowed_attributes_class_method
+ expected = Set.new(["href", "src", "width", "height", "alt", "cite", "datetime", "title", "class", "name", "xml:lang", "abbr"])
+ assert_equal(expected, self.class.sanitized_allowed_attributes)
+ end
 end
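Review bot: The expected values in `test_sanitized_allowed_tags_class_method` and `test_sanitized_allowed_attributes_class_method` copy the sanitizer gem's default allow-lists verbatim, so a deliberate hardening of those defaults in the gem (dropping a tag or attribute) will fail this actionview test although the helper under test is still correct. A comment above the first new test, `# Mirrors the sanitizer gem's default allow-list; update when the gem changes its defaults.`, makes that coupling explicit for whoever hits the failure, and the two literal arrays read more naturally as `%w[...]` lists. Asserting on the full value does cover what the fix restores, namely that the class method no longer raises, so the assertions themselves are fine. `SanitizeHelperTest` begins outside the hunk, and whether `Set` is already loaded there is not visible from this hunk.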