Require and support rails-html-sanitzer 1.2.0

Rails now requires 1.2.0 because it relies on the safe_list_sanitizer API exclusively. Also raise `sanitizer_vendor` API from the dead for rails-deprecated_sanitizer. Fixes https://github.com/rails/rails-deprecated_sanitizer/pull/6
2019-08-09 00:07:45 +02:00 · 2019-08-09 00:07:45 +02:00 · 12001611d6
parent fb5f8d4f86
commit 12001611d6
4 changed files with 11 additions and 7 deletions
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -52,7 +52,7 @@ PATH
      builder (~> 3.1)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
-      rails-html-sanitizer (~> 1.1, >= 1.1.0)
+      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    activejob (6.1.0.alpha)
      activesupport (= 6.1.0.alpha)
      globalid (>= 0.3.6)
@ -378,7 +378,7 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.1.0)
+    rails-html-sanitizer (1.2.0)
      loofah (~> 2.2, >= 2.2.2)
    rainbow (3.0.0)
    rake (12.3.2)
--- a/actionpack/actionpack.gemspec
+++ b/actionpack/actionpack.gemspec
@ -33,7 +33,7 @@ Gem::Specification.new do |s|

  s.add_dependency "rack",      "~> 2.0"
  s.add_dependency "rack-test", ">= 0.6.3"
-  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.0.2"
+  s.add_dependency "rails-html-sanitizer", "~> 1.0", ">= 1.2.0"
  s.add_dependency "rails-dom-testing", "~> 2.0"
  s.add_dependency "actionview", version

--- a/actionview/actionview.gemspec
+++ b/actionview/actionview.gemspec
@ -33,7 +33,7 @@ Gem::Specification.new do |s|

  s.add_dependency "builder",       "~> 3.1"
  s.add_dependency "erubi",         "~> 1.4"
-  s.add_dependency "rails-html-sanitizer", "~> 1.1", ">= 1.1.0"
+  s.add_dependency "rails-html-sanitizer", "~> 1.1", ">= 1.2.0"
  s.add_dependency "rails-dom-testing", "~> 2.0"

  s.add_development_dependency "actionpack",  version
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@ -124,6 +124,10 @@ module ActionView
      module ClassMethods #:nodoc:
        attr_writer :full_sanitizer, :link_sanitizer, :safe_list_sanitizer

+        def sanitizer_vendor
+          Rails::Html::Sanitizer
+        end
+
        def sanitized_allowed_tags
          safe_list_sanitizer.allowed_tags
        end
@ -139,7 +143,7 @@ module ActionView
        #     config.action_view.full_sanitizer = MySpecialSanitizer.new
        #   end
        def full_sanitizer
-          @full_sanitizer ||= Rails::Html::Sanitizer.full_sanitizer.new
+          @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
        end

        # Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@ -149,7 +153,7 @@ module ActionView
        #     config.action_view.link_sanitizer = MySpecialSanitizer.new
        #   end
        def link_sanitizer
-          @link_sanitizer ||= Rails::Html::Sanitizer.link_sanitizer.new
+          @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
        end

        # Gets the Rails::Html::SafeListSanitizer instance used by sanitize and +sanitize_css+.
@ -159,7 +163,7 @@ module ActionView
        #     config.action_view.safe_list_sanitizer = MySpecialSanitizer.new
        #   end
        def safe_list_sanitizer
-          @safe_list_sanitizer ||= Rails::Html::Sanitizer.safe_list_sanitizer.new
+          @safe_list_sanitizer ||= sanitizer_vendor.safe_list_sanitizer.new
        end
      end
    end