The default behaviour for this helper was changed to fix a security bug (rails/rails@61ee344). But now this code returns insecure content:
auto_link("<script>alert('malicious')</script> www.rubyonrails.org", :sanitize => true)
I propose to avoid the security problem by returning sanitized strings, as the rest of the text helpers do, and at the same time give a better use to the existing (but not documented) :sanitize option.
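A constructed Ruby illustration of the two behaviours discussed in this PR, added here and not taken from the gem: a minimal auto_link stand-in that ignores :sanitize (the insecure case) beside one that sanitizes before linking. The strip_tags helper, the URL regex and the function names are assumptions that stand in for the Rails helpers, not the gem's own code.

```ruby
require 'cgi'

# Matches bare http(s):// and www. URLs; simplified stand-in for the gem's
# own URL detection (assumption, not the gem's regex).
URL_RE = %r{(?:https?://|www\.)[^\s<]+}

# Stand-in for Rails' sanitize helper (assumption): drop tags, then escape
# whatever markup characters remain so the text is inert.
def strip_tags(text)
  CGI.escapeHTML(text.gsub(/<[^>]*>/, ''))
end

# Wraps every URL in an anchor; this is the only markup the helper itself
# should ever emit.
def linkify(text)
  text.gsub(URL_RE) do |url|
    href = url.start_with?('www.') ? "http://#{url}" : url
    %(<a href="#{href}">#{url}</a>)
  end
end

# Insecure behaviour described above: the :sanitize option is accepted but
# never applied, so attacker-controlled tags reach the caller untouched.
def auto_link_insecure(text, sanitize: true)
  linkify(text)
end

# Proposed behaviour: sanitize first, then link, so the result contains only
# the anchors generated by linkify plus escaped text.
def auto_link_sanitized(text, sanitize: true)
  text = strip_tags(text) if sanitize
  linkify(text)
end

if __FILE__ == $PROGRAM_NAME
  input = "<script>alert('malicious')</script> www.rubyonrails.org"
  puts auto_link_insecure(input, sanitize: true)
  puts auto_link_sanitized(input, sanitize: true)
end
```

The sanitized variant is the one a template may safely render; an unsanitized result must still be escaped by the view layer.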
remove local tenderloving-paths from gemfile
return sanitized strings
@xuanxu congratulations, you are now on the rails_autolink team!
yeehaw! :) ❤️
Would you like to maintain this gem? I don't really have time for it. :-(
Sure, no problem. I can keep an eye on it.