ActionView sanitize tags accepts string and acts against developer expectation #5585

Closed
dorkalev opened this Issue · 1 comment

2 participants

@dorkalev

sanitize "koko <em>loves</em> ruby", tags: 'demd'

will leave the <em>s here

because the syntax asks you to do

sanitize "koko <em>loves</em> ruby", tags: %w(demd)

I would probably do [tags].flatten within the sanitize method to allow strings as well as arrays...

@drogus referenced this issue
Commit has since been removed from the repository and is no longer available.
@drogus added a commit to drogus/rails that referenced this issue
@drogus Don't ignore non Enumerable values passed to sanitize (closes #5585)
When someone accidentally passes a string to sanitize like:

sanitize("<span>foo</span>", :tags => "b")

there is no indication that it's the wrong way and span
will not be removed.
94e7c0d
@drogus added a commit that closed this issue
@drogus Don't ignore non Enumerable values passed to sanitize (closes #5585)
37c84ed
@drogus drogus closed this in 37c84ed
@drogus
Ruby on Rails member

@dorkalev thanks for submitting this. I didn't go with the wrapping approach, though, because it's safer to raise.

@robinroestenburg added a commit that referenced this issue
@drogus Don't ignore non Enumerable values passed to sanitize (closes #5585)
dfd09a3
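
The two behaviours discussed in this thread, as an added Ruby sketch that is not Rails's code and not part of the original issue: a sanitizer that ignores a non-Enumerable `:tags` value falls back to its default allowlist, while a strict one rejects the option. `DEFAULT_TAGS`, `strip_tags_except`, `sanitize_ignoring`, `sanitize_strict` and the choice of `ArgumentError` are assumptions made for illustration.

```ruby
require "set"

# Constructed default allowlist for this sketch; not Rails's real default list.
DEFAULT_TAGS = Set.new(%w(em strong b i a)).freeze

# Toy tag stripper: drops any tag whose name is not in +allowed+, keeps its text.
# A regex is enough to show the option handling; it is not a safe HTML sanitizer.
def strip_tags_except(html, allowed)
  html.gsub(%r{</?([A-Za-z][A-Za-z0-9]*)[^>]*>}) do |tag|
    allowed.include?($1.downcase) ? tag : ""
  end
end

# Behaviour the issue reports: a non-Enumerable :tags value is ignored,
# so the call falls back to the default allowlist without any signal.
def sanitize_ignoring(html, options = {})
  tags = options[:tags]
  allowed = tags.is_a?(Enumerable) ? tags.to_set : DEFAULT_TAGS
  strip_tags_except(html, allowed)
end

# Behaviour the fix chose: reject the bad option instead of guessing.
# ArgumentError and the message text are assumptions of this sketch.
def sanitize_strict(html, options = {})
  tags = options.fetch(:tags, DEFAULT_TAGS)
  unless tags.is_a?(Enumerable)
    raise ArgumentError, "You should pass :tags as an Enumerable, got #{tags.class}"
  end
  strip_tags_except(html, tags.to_set)
end

def demo
  input = "koko <em>loves</em> ruby" # sample string from the issue
  strict_on_string = begin
    sanitize_strict(input, tags: "demd")
  rescue ArgumentError => e
    e.class
  end
  {
    ignored_string: sanitize_ignoring(input, tags: "demd"),
    array:          sanitize_ignoring(input, tags: %w(demd)),
    strict_string:  strict_on_string,
    strict_array:   sanitize_strict(input, tags: %w(demd)),
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The ignoring variant fails open: the caller asked for a narrower allowlist and silently got the wider default, which is why a loud failure is the safer choice for a sanitizer option.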