The following is an example of the sanitize method.
>> helper.sanitize("<!-- Script Start --><p>krunal test2</p>")
=> "<!-- Script Start --><p>krunal test2</p>"
We can see in the above code that the "html comment" tag gets changed in the output.
#11218 should fix this issue. There is a test case for it: https://github.com/rails/rails/pull/11218/files#diff-7a77109b636947d263480ebab0b05f0dL39
cc @krunal @pftg @rafaelfranca I've tested this against #11218 and sanitize correctly ignores HTML comments. Can we close this issue?
I think we should wait until #11218 gets merged.
This issue has been automatically marked as stale because it has not been commented on for at least
The resources of the Rails team are limited, and so we are asking for your help.
If you can still reproduce this error on the 4-1-stable, 4-0-stable branches or on master,
please reply with all of the information you have about it in order to keep the issue open.
Thank you for all your contributions.
It should be fixed with 4.2. If not, please let us know.