Make sure strip_tags removes tags which start with a non-printable character

Signed-off-by: Michael Koziarski <michael@koziarski.com>
Parent: 3719bd3
Commit: bfe032858077bb2946abe25e95e485ba6da86bd5
Author: gtd, committed with NZKoz, Nov 16, 2009
actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -162,7 +162,7 @@ def parse(parent, line, pos, content, strict=true)
end
closing = ( scanner.scan(/\//) ? :close : nil )
- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
name.downcase!
unless closing
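Review bot: The widened character class passed to `scanner.scan` stops at \x1f and carves out \x0a and \x0d without a comment saying why, so \x7f (DEL) still causes `scanner.scan` to return nil and the input to fall through to `return Text.new(parent, line, pos, content)`, i.e. `<\x7fa href=...>` is not parsed as a tag at all while `<\x07a href=...>` now is. If the intent is that any non-printable prefix makes the run a tag, extend the class (e.g. `\x0e-\x1f\x7f`); either way, add a one-line comment above the `return Text.new(...)` line listing which bytes are deliberately excluded and why, so the next reader does not re-add line feed and carriage return as a "fix". Worth a comment too that the `name` this returns (e.g. "\x07a") is what is later downcased and compared against the allowed-tag list, so a control-prefixed tag can never match a whitelisted name; that is the desired behaviour here but is not obvious from the regex alone.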
actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -19,6 +19,7 @@ def test_strip_tags
assert_equal "This has a here.", sanitizer.sanitize("This has a <!-- comment --> here.")
assert_equal "This has a here.", sanitizer.sanitize("This has a <![CDATA[<section>]]> here.")
assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed <![CDATA[<section>]] here...")
+ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag</a>")
[nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
end
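Review bot: The single new assertion in `test_strip_tags` only exercises \x07, so the boundaries of the class introduced in node.rb (\x00, \x09, \x0b, \x0c, \x0e, \x1f) and the deliberate gaps at \x0a and \x0d are untested and a later edit to the regex could silently widen or narrow it. Suggest iterating over the boundary bytes, e.g. `["\x00", "\x09", "\x0b", "\x0c", "\x0e", "\x1f"].each { |c| assert_equal "text", sanitizer.sanitize("<#{c}a href='/hello'>text</a>") }`, plus a negative case for `"<\na href='/hello'>"` and `"<\ra href='/hello'>"` asserting that the leading `<` run is still kept as text, so the intent behind the two gaps is recorded in the suite rather than only in the regex. Keep the string double-quoted as it is here; in a single-quoted literal `\x07` would be a backslash, an x and a 7, and the test would no longer contain a control byte.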

3 comments on commit bfe0328

@bcardarella

Is there a reason why ActiveModel is in the 2.3.5 branch?

@lifo
Ruby on Rails member
lifo commented on bfe0328 Nov 27, 2009

It has always been there.

@jeremy
Ruby on Rails member
jeremy commented on bfe0328 Nov 27, 2009

Right, it's been there. It's just not released in the 2.x series.
