Commit 52f0b050e2 replaces `white_list_sanitizer` with `safe_list_sanitizer`. This is a breaking change unless the installed version of `rails-html-sanitizer` is `>= 1.1.0`.
This commit updates the minimum version in `actionview/actionview.gemspec` to `1.1.0`.
We had a discussion on the Core team and we don't want to expose this information
as a JSON endpoint and not by default.
It doesn't make sense to expose this JSON locally and this controller is only
accessible in dev, so the proposed access from a production app seems off.
This reverts commit 8eaffe7e89719ac62ff29c2e4208cfbeb1cd1c38, reversing
changes made to b6e4305c3bca4c673996d0af9db0f4cfbf50215e.
Generally followed the pattern for https://github.com/rails/rails/pull/32034
* Removes needless CI configs for 2.4
* Targets 2.5 in rubocop
* Updates existing CHANGELOG entries for fewer merge conflicts
* Removes Hash#slice extension as that's inlined on Ruby 2.5.
* Removes the need for send on define_method in MethodCallAssertions.
Erubi offers the following advantages for Rails:
* Works with ruby's --enable-frozen-string-literal option
* Has 88% smaller memory footprint
* Does no freedom patching (Erubis adds a method to Kernel)
* Has simpler internals (1 file, <150 lines of code)
* Has an open development model (Erubis doesn't have a
public source control repository or bug tracker)
* Is not dead (Erubis hasn't been updated since 2011)
Erubi is a simplified fork of Erubis that contains just the
parts that are generally needed (which includes the parts
that Rails uses). The only intentional difference in
behavior is that it does not include support for <%=== tags
for debug output. That could be added to the ActionView ERB
handler if it is desired.
The Erubis template handler remains in a deprecated state
so that code that accesses it directly does not break. It
can be removed after Rails 5.1.
- Default to Rails::DeprecatedSanitizer in ActionView::Helpers::SanitizeHelper.
- Add upgrade notes.
- Add sanitizer to new applications Gemfiles.
- Remove 'rails-dom-testing' as a dependency.
Implemented ActionView: FullSanitizer, LinkSanitizer and WhiteListSanitizer in sanitizers.rb.
Deprecated protocol_separator and bad_tags.
Added new tests in sanitizers_test.rb and reimplemented assert_dom_equal with Loofah.
This reverts commit 70d6e16fbad75b89dd1798ed697e7732b8606fa3, reversing
changes made to ea4db3bc078fb3093ecdddffdf4f2f4ff3e1e8f9.
Seems to be a code merge done by mistake.