From 4fb02901a98ec7b17f096ff8cd0dfefe09f6da3c Mon Sep 17 00:00:00 2001
From: tibvdm
Date: Wed, 20 Dec 2023 11:30:25 +0100
Subject: [PATCH] extend allowed tags + tests
---
app/helpers/application_helper.rb | 2 +-
test/helpers/application_helper_test.rb | 5 ++++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 30b108dab7..01a6708cbd 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -149,7 +149,7 @@ def sanitize(html)
 %w[svg g style circle line rect path polygon text]
 @attributes ||= Rails::Html::SafeListSanitizer.allowed_attributes.to_a +
 %w[style target data-bs-toggle data-parent data-tab data-line data-element id] +
-%w[viewBox width height version style class transform id x y rx ry x1 y1 x2 y2 d points fill stroke stroke-width cx cy r font-size font-family font-weight font-variant]
+%w[viewBox width height version style class transform id x y rx ry x1 y1 x2 y2 d points fill stroke stroke-width stroke-dasharray cx cy r font-size font-family font-weight font-variant textLength writing-mode glyph-orientation-vertical text-orientation]
 # Filters allowed tags and attributes
 sanitized = ActionController::Base.helpers.sanitize html,
diff --git a/test/helpers/application_helper_test.rb b/test/helpers/application_helper_test.rb
index 50697c5361..986bed8dd9 100644
--- a/test/helpers/application_helper_test.rb
+++ b/test/helpers/application_helper_test.rb
@@ -104,7 +104,9 @@ class ApplicationHelperTest < ActiveSupport::TestCase
 dirty_html = <<~HTML - + + +
@@ -113,6 +115,7 @@ class ApplicationHelperTest < ActiveSupport::TestCase
 Hello
+ abcdefgh
 HTML
 clean_html = sanitize dirty_html
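Review bot: The rewritten `+%w[viewBox …]` line in the first hunk repeats `style` and `id`, both already granted on the preceding `%w[style target … id]` line, so the allow-list reads as if the SVG branch were the only place `style` is permitted when it is in fact global; dropping the duplicates makes the actual surface visible at a glance, e.g. `%w[viewBox width height version class transform x y rx ry x1 y1 x2 y2 d points fill stroke stroke-width stroke-dasharray cx cy r font-size font-family font-weight font-variant textLength writing-mode glyph-orientation-vertical text-orientation]`. Several new entries are mixed-case (`textLength`, like the existing `viewBox`); if the underlying sanitizer parses the input as HTML rather than XML, attribute names are presumably lowercased before the allow-list is consulted, so it is worth confirming that the test added in the second hunk actually asserts each new attribute survives sanitization rather than only that the element does. A short comment above the list stating that every entry is presentational geometry/typography and that no URL-bearing or event attributes are allowed would make future additions easier to review. The enclosing `sanitize(html)` method starts before this hunk and continues after it.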