Migrate to SafeListSanitizer #87
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
JuanitoFatas
force-pushed
the
migrate-to-safelist
branch
from
cba4464
to
911899f
Compare
|
I merged your other PRs. Since this is a more significant change it would be good to rebase. @rafaelfranca do you have thoughts on this? |
JuanitoFatas
force-pushed
the
migrate-to-safelist
branch
from
911899f
to
a4c4318
Compare
rafaelfranca
approved these changes
Apr 1, 2019
|
@JuanitoFatas do you want to take a stab at the test failures in another PR? 🙏 |
A fix is in #90. |
SafeList is easier to understand
JuanitoFatas
force-pushed
the
migrate-to-safelist
branch
from
a4c4318
to
41b0b49
Compare
|
Forgot to get back to this one, thanks! |
3 tasks
Is this (removing a method) a breaking change to the public API? If so, SemVer requires a major-version bump. |
jrochkind
reviewed
Aug 8, 2019
| def white_list_sanitizer | ||
| Html::WhiteListSanitizer | ||
| ActiveSupport::Deprecation.warn "warning: white_list_sanitizer is" \ | ||
| "deprecated, please use safe_list_sanitizer instead." |
There was a problem hiding this comment.
This is missing a space, shows up as "isdeprecated" in deprecation messages.
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Mar 20, 2020
Update ruby-rails-html-sanitizer to 1.3.0. ## 1.3.0 * Address deprecations in Loofah 2.3.0. *Josh Goodall* ## 1.2.0 * Remove needless `white_list_sanitizer` deprecation. By deprecating this, we were forcing Rails 5.2 to be updated or spew deprecations that users could do nothing about. That's pointless and I'm sorry for adding that! Now there's no deprecation warning and Rails 5.2 works out of the box, while Rails 6 can use the updated naming. *Kasper Timm Hansen* ## 1.1.0 * Add `safe_list_sanitizer` and deprecate `white_list_sanitizer` to be removed in 1.2.0. rails/rails-html-sanitizer#87 *Juanito Fatas* * Remove `href` from LinkScrubber's `tags` as it's not an element. rails/rails-html-sanitizer#92 *Juanito Fatas* * Explain that we don't need to bump Loofah here if there's CVEs. rails/rails-html-sanitizer@d4d823c *Kasper Timm Hansen*
This was referenced Mar 13, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Safelist is easier to understand and less offensive. Chose
SafeListbecause a similar ongoing effort in loofah gem: flavorjones/loofah#158.View Updated README.md
How to run the test
Note
An attempt to fix the build in #90.
Original motivation rails/rails#33677, other community efforts examples