Skip to content

Commit

Permalink
Merge pull request #92 from JuanitoFatas/link-sanitizer
Browse files Browse the repository at this point in the history
Remove href from LinkSanitizer tags list
  • Loading branch information
rafaelfranca authored May 22, 2019
2 parents 2191bfe + 5d735a7 commit c5912e7
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 10 deletions.
13 changes: 7 additions & 6 deletions lib/rails/html/sanitizer.rb
Original file line number Diff line number Diff line change
Expand Up @@ -40,15 +40,16 @@ def sanitize(html, options = {})
end

# === Rails::Html::LinkSanitizer
# Removes a tags and href attributes leaving only the link text
# Removes +a+ tags and +href+ attributes leaving only the link text.
#
# link_sanitizer = Rails::Html::LinkSanitizer.new
# link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
# # => Only the link text will be kept.
# link_sanitizer = Rails::Html::LinkSanitizer.new
# link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
#
# => 'Only the link text will be kept.'
class LinkSanitizer < Sanitizer
def initialize
@link_scrubber = TargetScrubber.new
@link_scrubber.tags = %w(a href)
@link_scrubber.tags = %w(a)
@link_scrubber.attributes = %w(href)
end

Expand Down Expand Up @@ -146,7 +147,7 @@ def allowed_tags(options)

def allowed_attributes(options)
options[:attributes] || self.class.allowed_attributes
end
end
end

WhiteListSanitizer = SafeListSanitizer
Expand Down
4 changes: 0 additions & 4 deletions test/sanitizer_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -154,10 +154,6 @@ def test_strip_links_with_linkception
assert_equal "Magic", link_sanitize("<a href='http://www.rubyonrails.com/'>Mag<a href='http://www.ruby-lang.org/'>ic")
end

def test_strip_links_with_a_tag_in_href
assert_equal "FrrFox", link_sanitize("<href onlclick='steal()'>FrrFox</a></href>")
end

def test_sanitize_form
assert_sanitized "<form action=\"/foo/bar\" method=\"post\"><input></form>", ''
end
Expand Down

0 comments on commit c5912e7

Please sign in to comment.