apply patch so nil values don't blow up HTML5 lib sanitization. fixes…

… issue #1

git-svn-id: http://xssterminate.googlecode.com/svn/trunk/xss_terminate@5 503a6658-bc44-0410-a8bd-599819d3de0a
1 parent 56ec95a commit 7d40eb227ebe0363a7f863763200d77a8f40eaad look@recursion.org committed May 31, 2008
Showing with 11 additions and 0 deletions.
  1. +2 −0 lib/xss_terminate.rb
  2. +9 −0 test/xss_terminate_test.rb
2 lib/xss_terminate.rb
@@ -29,6 +29,8 @@ def sanitize_fields
field = column.name.to_sym
value = self[field]
+
+ next if value.nil?
if xss_terminate_options[:except].include?(field)
next
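Review bot: The new `next if value.nil?` guard in sanitize_fields carries no comment saying why nil is skipped, and it sits directly above a second bare `next` for the `:except` list. Add a one-line comment that nil is skipped because the HTML5 lib sanitization fails on it (as the commit message says). If the `if` that follows has no further branches, consider folding both skips into one guard, `next if value.nil? || xss_terminate_options[:except].include?(field)`, so the skip conditions are read together. The otherwise empty `+` line above the guard can be dropped.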
9 test/xss_terminate_test.rb
@@ -47,4 +47,13 @@ def test_html5lib_sanitization_on_specified_fields
assert_equal "<script>alert('xss in extended')</script>", r.extended
end
+
+ # issue reported by linojon
+ def test_nil_attributes_should_be_allowed_with_html5
+ review = Review.create!(:title => nil, :body => nil)
+
+ assert_nil review.title
+ assert_nil review.body
+ end
+
end
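Review bot: test_nil_attributes_should_be_allowed_with_html5 only creates a Review with both fields nil, so it does not show that the loop goes on to sanitize the remaining fields after skipping a nil one. Add a case with `:title => nil` and markup in `:body` that asserts body still comes back sanitized. It would also help to make visible in the test, by name or comment, that Review is configured for the HTML5 path the test name refers to, since these lines do not show it.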
