[openstreetmap/openstreetmap-website] Sanitize classes from outputs (#3149)
Andy Allan
notifications at github.com
Wed Mar 24 19:21:55 UTC 2021
There is an endless amount of shenanigans that you can get up to using CSS classes. Examples are available privately on request.
This PR makes a few related changes:
* Adds tests for adding classes to table elements
* Refactors the configuration setup for the sanitize gem (although it turned out not to be necessary for this particular task)
* Strips away all class attributes from the output, by extending our custom transformer, to prevent shenanigans.
You can view, comment on, or merge this pull request online at:
https://github.com/openstreetmap/openstreetmap-website/pull/3149
-- Commit Summary --
* Add tests for richtext table classes
* Rework configuration to use Sanitize::Config.merge
* Strip away class attributes from sanitized outputs
-- File Changes --
M config/initializers/sanitize.rb (18)
M test/lib/rich_text_test.rb (23)
-- Patch Links --
https://github.com/openstreetmap/openstreetmap-website/pull/3149.patch
https://github.com/openstreetmap/openstreetmap-website/pull/3149.diff