Make sure strip_tags removes tags which start with a non-printable character

Signed-off-by: Michael Koziarski <michael@koziarski.com>
commit bfe032858077bb2946abe25e95e485ba6da86bd5 1 parent 3719bd3
Gabe da Silveira gtd authored NZKoz committed
2  actionpack/lib/action_controller/vendor/html-scanner/html/node.rb
@@ -162,7 +162,7 @@ def parse(parent, line, pos, content, strict=true)
end
closing = ( scanner.scan(/\//) ? :close : nil )
- return Text.new(parent, line, pos, content) unless name = scanner.scan(/[\w:-]+/)
+ return Text.new(parent, line, pos, content) unless name = scanner.scan(/[-:\w\x00-\x09\x0b-\x0c\x0e-\x1f]+/)
name.downcase!
unless closing
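
Review bot: The widened name pattern on the `+` line accepts \x00-\x09, \x0b-\x0c and \x0e-\x1f but leaves out \x0a and \x0d, and nothing in the code says why. A short comment above the `scanner.scan` call should state that control bytes are accepted as part of the tag name so that such input is not returned as Text, and whether skipping LF and CR is deliberate. Note also that `name` keeps those bytes (only `downcase!` is applied to it in the lines shown), so anything that later compares the name against known tag names sees "\x07a" rather than "a"; if that is intended, it belongs in the same comment.
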
1  actionpack/test/controller/html-scanner/sanitizer_test.rb
@@ -19,6 +19,7 @@ def test_strip_tags
assert_equal "This has a here.", sanitizer.sanitize("This has a <!-- comment --> here.")
assert_equal "This has a here.", sanitizer.sanitize("This has a <![CDATA[<section>]]> here.")
assert_equal "This has an unclosed ", sanitizer.sanitize("This has an unclosed <![CDATA[<section>]] here...")
+ assert_equal "non printable char is a tag", sanitizer.sanitize("<\x07a href='/hello'>non printable char is a tag</a>")
[nil, '', ' '].each { |blank| assert_equal blank, sanitizer.sanitize(blank) }
end
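
Review bot: The added assertion exercises a single byte, \x07, directly after `<` in an opening tag, so most of the new character class is untested. Suggest adding assertions for the range edges (\x00 and \x1f), for a closing tag whose name starts with a control byte (the test closes with a plain `</a>`), and for \x0a and \x0d, which the pattern in node.rb leaves out, so the expected output for those inputs is pinned down.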

3 comments on commit bfe0328

Brian Cardarella

Is there a reason why ActiveModel is in the 2.3.5 branch?

Pratik
Collaborator

It has always been there.

Jeremy Kemper
Owner

Right, it's been there. It's just not released in the 2.x series.
