Security: Replace white_list with Rails 2.2 sanitizer
The Rails 2.2 sanitizer is an enhanced version of Rick's original white_list plugin, so let's upgrade and get the latest fixes. Note that Mephisto had separate rules for sanitizing comments and non-comments in Atom feeds. This difference was introduced in commit 88df87e. Unfortunately, I'm not able to track down any information on the problem being fixed here. Since we already add half of the tags in question to the whitelist, I've decided to just treat all sanitized Atom feed content the same. Please let me know if this breaks anything.
Showing with 10 additions and 293 deletions.
- +2 −3 app/drops/comment_drop.rb
- +2 −3 app/helpers/application_helper.rb
- +1 −1 app/views/feed/_comment.rxml
- +1 −1 app/views/mephisto/_comment.rxml
- +3 −0 config/environment.rb
- +0 −2 config/initializers/templating.rb
- +1 −1 test/functional/application_helper_test.rb
- +0 −29 vendor/plugins/white_list/README
- +0 −22 vendor/plugins/white_list/Rakefile
- +0 −2 vendor/plugins/white_list/init.rb
- +0 −97 vendor/plugins/white_list/lib/white_list_helper.rb
- +0 −132 vendor/plugins/white_list/test/white_list_test.rb