-
-
Notifications
You must be signed in to change notification settings - Fork 136
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove attributes without a value. #51
Conversation
What I'd really like is for Loofah to remove the attributes which have blank values. Loofah.fragment(%(<IMG SRC="  javascript:alert('XSS');">)) Returns an element which have " " as the value for src. Which makes the current commit not remove the attribute. |
Is not |
Nope. irb(main):001:0> " ".empty?
=> false |
Ah. Right. If we really need this we can reimplement |
There's no ActiveSupport dependency at the moment. The above pasted snippet is from this test: That's the reason it's failing. |
@rafaelfranca, I changed it to reimplement blank? Hope that's okay. |
Looks like this might introduce 1.8 support issues, since the ActiveSupport I'm fine with it if we're leaving 1.8 behind, but then we should update the gemspec to explicitly only support 1.9.1 and above. Thoughts? |
Rails requires 1.9.3+, so I definitely think moving along the same lines is a good idea. You want me to update this PR and change the required version in the gemspec? Or in another PR? |
I'll take care of the gemspec -- I just wanted to point out the implication on Ruby version support. |
Remove attributes without a value.
Sounds good. |
Changes elements like
<img src=""></img>
to<img></img>
.//@rafaelfranca