Require and support rails-html-sanitzer 1.2.0

Rails now requires 1.2.0 because it relies on the safe_list_sanitizer API exclusively. Also raise `sanitizer_vendor` API from the dead for rails-deprecated_sanitizer. Fixes rails/rails-deprecated_sanitizer#6
rails · Aug 8, 2019 · 1200161 · 1200161
1 parent fb5f8d4
commit 1200161
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 7 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -52,7 +52,7 @@ PATH
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.1.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
     activejob (6.1.0.alpha)
       activesupport (= 6.1.0.alpha)
       globalid (>= 0.3.6)
@@ -378,7 +378,7 @@ GEM
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.1.0)
+    rails-html-sanitizer (1.2.0)
       loofah (~> 2.2, >= 2.2.2)
     rainbow (3.0.0)
     rake (12.3.2)

diff --git a/actionpack/actionpack.gemspec b/actionpack/actionpack.gemspec
@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "rack",      "~> 2.0"
   s.add_dependency "rack-test", ">= 0.6.3"
-  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.2"
+  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.2.0"
   s.add_dependency "rails-dom-testing", "~> 2.0"
   s.add_dependency "actionview", version
 

diff --git a/actionview/actionview.gemspec b/actionview/actionview.gemspec
@@ -33,7 +33,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "builder",       "~> 3.1"
   s.add_dependency "erubi",         "~> 1.4"
-  s.add_dependency "rails-html-sanitizer", "~> 1.1", ">= 1.1.0"
+  s.add_dependency "rails-html-sanitizer", "~> 1.1", ">= 1.2.0"
   s.add_dependency "rails-dom-testing", "~> 2.0"
 
   s.add_development_dependency "actionpack",  version

diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -124,6 +124,10 @@ def strip_links(html)
       module ClassMethods #:nodoc:
         attr_writer :full_sanitizer, :link_sanitizer, :safe_list_sanitizer
 
+        def sanitizer_vendor
+          Rails::Html::Sanitizer
+        end
+
         def sanitized_allowed_tags
           safe_list_sanitizer.allowed_tags
         end
@@ -139,7 +143,7 @@ def sanitized_allowed_attributes
         #     config.action_view.full_sanitizer = MySpecialSanitizer.new
         #   end
         def full_sanitizer
-          @full_sanitizer ||= Rails::Html::Sanitizer.full_sanitizer.new
+          @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
         end
 
         # Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@@ -149,7 +153,7 @@ def full_sanitizer
         #     config.action_view.link_sanitizer = MySpecialSanitizer.new
         #   end
         def link_sanitizer
-          @link_sanitizer ||= Rails::Html::Sanitizer.link_sanitizer.new
+          @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
         end
 
         # Gets the Rails::Html::SafeListSanitizer instance used by sanitize and +sanitize_css+.
@@ -159,7 +163,7 @@ def link_sanitizer
         #     config.action_view.safe_list_sanitizer = MySpecialSanitizer.new
         #   end
         def safe_list_sanitizer
-          @safe_list_sanitizer ||= Rails::Html::Sanitizer.safe_list_sanitizer.new
+          @safe_list_sanitizer ||= sanitizer_vendor.safe_list_sanitizer.new
         end
       end
     end