ActionView sanitize tags accepts string and acts against developer expectation #5585

Closed
dorkalev opened this Issue Mar 26, 2012 · 1 comment


sanitize "koko <em>loves</em> ruby", tags: 'demd'

will leave the <em>s here

because the syntax asks you to do

sanitize "koko <em>loves</em> ruby", tags: %w(demd)

I would probably do [tags].flatten within the sanitize method to allow strings as well as arrays...

drogus added a commit to drogus/rails that referenced this issue Mar 27, 2012

Don't ignore non Enumerable values passed to sanitize (closes #5585)
When someone accidentally passes a string to sanitize like:

sanitize("<span>foo</span>", :tags => "b")

there is no indication that it's the wrong way and span
will not be removed.

@drogus drogus closed this in 37c84ed Mar 27, 2012


drogus Mar 27, 2012

Member

@dorkalev thanks for submitting this. I didn't go with the wrapping approach, though, because it's safer to raise.
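
The three ways of handling a non-Enumerable `:tags` value discussed in this thread (silently ignoring it, wrapping it with `[tags].flatten`, raising), as an added stand-alone Ruby model that is not Rails code and not the code from the referenced commit. `toy_sanitize`, `resolve_tags`, the policy names, `DEFAULT_TAGS` and the sample input are assumptions made for the example, and the regex tag stripper exists only to make the option handling observable.

```ruby
# Toy model of allow-list option handling. NOT Rails code, NOT a safe sanitizer.
DEFAULT_TAGS = %w(em strong span a).freeze   # assumed default allow-list

SAMPLE = "koko <em>loves</em> <span>ruby</span>".freeze  # constructed input

# Resolve the :tags option under one of three hypothetical policies:
#   :ignore - a non-Enumerable value is dropped and the defaults apply
#             (the silent behaviour the commit message describes)
#   :wrap   - [tags].flatten, as suggested in the issue
#   :raise  - reject the value outright, the approach the maintainer chose
def resolve_tags(tags, policy)
  return DEFAULT_TAGS if tags.nil?
  return tags.map(&:to_s) if tags.is_a?(Enumerable)

  case policy
  when :ignore then DEFAULT_TAGS
  when :wrap   then [tags].flatten.map(&:to_s)
  when :raise
    raise ArgumentError, ":tags must be an Enumerable, got #{tags.class}"
  else
    raise ArgumentError, "unknown policy #{policy.inspect}"
  end
end

# Remove every tag whose name is not in the resolved allow-list; keep the text.
def toy_sanitize(html, tags: nil, policy: :raise)
  allowed = resolve_tags(tags, policy)
  html.gsub(%r{</?([a-zA-Z][a-zA-Z0-9]*)[^>]*>}) do |tag|
    allowed.include?($1.downcase) ? tag : ""
  end
end

if __FILE__ == $0
  # Correct call: only <b> is allowed, so <em> and <span> are stripped.
  puts toy_sanitize(SAMPLE, tags: %w(b))
  # String ignored: the defaults apply and both tags survive unnoticed.
  puts toy_sanitize(SAMPLE, tags: "b", policy: :ignore)
  # Wrapping works for "b", but "em span" becomes one bogus tag name.
  puts toy_sanitize(SAMPLE, tags: "em span", policy: :wrap)
  # Raising surfaces the mistake at the call site.
  begin
    toy_sanitize(SAMPLE, tags: "b", policy: :raise)
  rescue ArgumentError => e
    puts "ArgumentError: #{e.message}"
  end
end
```
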
