From 2523282e1e498fc39f395433877c94e09f106338 Mon Sep 17 00:00:00 2001
From: Juanito Fatas
Date: Fri, 10 May 2019 15:15:08 +0900
Subject: [PATCH] href is not a HTML element

https://developer.mozilla.org/en-US/docs/Web/HTML/Element
---
 lib/rails/html/sanitizer.rb | 4 ++--
 test/sanitizer_test.rb | 4 ----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
index f9bef9f..e73bb8c 100644
--- a/lib/rails/html/sanitizer.rb
+++ b/lib/rails/html/sanitizer.rb
@@ -48,7 +48,7 @@ def sanitize(html, options = {})
 class LinkSanitizer < Sanitizer
 def initialize
 @link_scrubber = TargetScrubber.new
- @link_scrubber.tags = %w(a href)
+ @link_scrubber.tags = %w(a)
 @link_scrubber.attributes = %w(href)
 end

@@ -146,7 +146,7 @@ def allowed_tags(options)

 def allowed_attributes(options)
 options[:attributes] || self.class.allowed_attributes
- end
+ end
 end

 WhiteListSanitizer = SafeListSanitizer
diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb
index 6aa0509..8c579af 100644
--- a/test/sanitizer_test.rb
+++ b/test/sanitizer_test.rb
@@ -154,10 +154,6 @@ def test_strip_links_with_linkception
 assert_equal "Magic", link_sanitize("Magic")
 end

- def test_strip_links_with_a_tag_in_href
- assert_equal "FrrFox", link_sanitize("FrrFox")
- end
-
 def test_sanitize_form
 assert_sanitized "
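Review bot: Narrowing `@link_scrubber.tags` to `%w(a)` in `LinkSanitizer#initialize` changes what `link_sanitize` returns for input that contains an `href` element, yet the commit deletes `test_strip_links_with_a_tag_in_href` from test/sanitizer_test.rb instead of replacing it with a test that pins the new result. Because the scrubber is a `TargetScrubber`, which appears to remove only the listed tags, an unknown element such as `href` and whatever attributes it carries would presumably now stay in the output; that matters to any caller that renders the result without further sanitizing. I would keep a test for that input asserting the new output, and add a comment above the assignment such as `# Only <a> elements are targeted; every other element is left for the caller to sanitize.` The `initialize` body is complete in this hunk, but the rest of `LinkSanitizer` lies outside it.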
", ''
 end