Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Added not to sanitize helper docs that it doesn't guarantee well-form…

…ed markup.

Signed-off-by: Michael Koziarski <michael@koziarski.com>

[#166 state:resolved]
  • Loading branch information...
commit 9a137506a1267ec5938fcec4d2ff135f15037459 1 parent 236f0bb
@mschuerig mschuerig authored NZKoz committed
Showing with 5 additions and 0 deletions.
  1. +5 −0 actionpack/lib/action_view/helpers/sanitize_helper.rb
View
5 actionpack/lib/action_view/helpers/sanitize_helper.rb
@@ -48,6 +48,11 @@ def self.included(base)
# config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
# end
#
+ # Please note that sanitizing user-provided text does not guarantee that the
+ # resulting markup is valid (conforming to a document type) or even well-formed.
+ # The output may still contain e.g. unescaped '<', '>', '&' characters and
+ # confuse browsers.
+ #
def sanitize(html, options = {})
self.class.white_list_sanitizer.sanitize(html, options)
end
Please sign in to comment.
Something went wrong with that request. Please try again.