Revert wrong change on xss_terminate (revert part of 688faae)

CIRANDAS · May 16, 2015 · a323f4e · a323f4e
1 parent 82c8dd4
commit a323f4e
Showing 1 changed file with 6 additions and 53 deletions.
diff --git a/vendor/plugins/xss_terminate/lib/xss_terminate.rb b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
@@ -38,7 +38,7 @@ def xss_terminate(options = {})
 
   module InstanceMethods
 
-    def sanitize_field(sanitizer, field, serialized = false, with= :full)
+    def sanitize_field(sanitizer, field, serialized = false)
       field = field.to_sym
       if serialized
         puts field
@@ -49,25 +49,8 @@ def sanitize_field(sanitizer, field, serialized = false, with= :full)
       else
         if self[field]
           self[field] = sanitizer.sanitize(self[field])
-
-          if with == :full
-            self[field] = CGI.escapeHTML(self[field])
-          elsif with == :white_list
-            self[field] = CGI.escapeHTML(self[field]) if !wellformed_html_code?(self[field])
-          end
-
         else
-          value = self.send("#{field}")
-          return unless value
-          value = sanitizer.sanitize(value)
-          self.send("#{field}=", value)
-
-          if with == :full
-            self.send("#{field}=", CGI.escapeHTML(value))
-          elsif with == :white_list
-            self.send("#{field}=", CGI.escapeHTML(value)) if !wellformed_html_code?(value)
-          end
-
+          self.send("#{field}=", sanitizer.sanitize(self.send("#{field}")))
         end
       end
     end
@@ -86,56 +69,26 @@ def sanitize_fields_with_full
       sanitizer = ActionView::Base.full_sanitizer
       columns, columns_serialized = sanitize_columns(:full)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :full)
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
     end
 
     def sanitize_fields_with_white_list
       sanitizer = ActionView::Base.white_list_sanitizer
       columns, columns_serialized = sanitize_columns(:white_list)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :white_list)
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
-   end
+    end
 
     def sanitize_fields_with_html5lib
       sanitizer = HTML5libSanitize.new
       columns = sanitize_columns(:html5lib)
       columns.each do |column|
-        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column), :html5lib)
+        sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
       end
     end
 
-    def wellformed_html_code?(field)
-      return true if !field
-      counter = 0
-      in_comment = false
-      field=field.split(//)
-      for i in 0..field.length-1
-        if !in_comment
-          if field[i] == '<'
-            if field[i+1..i+3] == ["!","-","-"]
-              in_comment = true
-            else
-              counter += 1
-            end
-          elsif field[i] == '>'
-            counter -= 1
-          end
-        else
-          if field[i-2..i] == ["-","-",">"]
-            in_comment = false
-          end
-        end
-
-        if counter < 0 || 1 < counter
-          return false
-        end
-      end
-
-      return counter == 0
-    end
-
   end
 
 end