Pass options to the text method. #35
This lets us avoid encoding special chars twice in Rails.
Great, once the other issue is sorted we can bump the version number and ship a new release. Then I'll submit a PR to Rails to use this 😉
Pass options to the text method.
It'll make it into 4.2.2, right?
Right
Submitted rails/rails#19252 to add the binding on Rails' side.
@rafaelfranca Looks like 4.2.2 was released without this fix.
@mtarnovan 4.2.2 was a security release. Those should have the fewest number of changes to make them as easy as possible to upgrade to.
@kaspth I see, thanks.
I use Rails 4.2.5.1 and there is still this bug
@optimum-dulopin I don't think this is considered a bug anymore. Although #35 originally solved the issue, it was undone here: 49dfc15. Basically:
Perhaps the bug is Loofah's use of
Fixes #31.
This lets us avoid encoding special chars twice in Rails as `strip_tags` could be written as:
I didn't document this option as it's really for our internal use. But there's a potential security vector we have to take into account here.
Alternatively, I guess we could just call `html_safe` in `strip_tags`, but that makes me feel uneasy too.
cc @rafaelfranca