Commit b3ca57de54a4594e61a5f46bcf7da27126c32032
1 parent
470c1be1
rails5: Don't call droped #serialized_attributes on xss_terminate
Showing
1 changed file
with
13 additions
and
22 deletions
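--- a/vendor/plugins/xss_terminate/lib/xss_terminate.rb
+++ b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
@@ -44,49 +44,40 @@ module XssTerminate
     ALLOWED_CORE_ATTRIBUTES | ALLOWED_CUSTOM_ATTRIBUTES
   end
 
-  def sanitize_field(sanitizer, field, serialized = false)
+  def sanitize_field sanitizer, field
     field = field.to_sym
-    if serialized
-      puts field
-      self[field].each_key { |key|
-        key = key.to_sym
-        self[field][key] = sanitizer.sanitize(self[field][key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-      }
+    if self[field]
+      self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
     else
-      if self[field]
-        self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-      else
-        value = self.send("#{field}")
-        return unless value
-        value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-        self.send("#{field}=", value)
-      end
+      value = self.send("#{field}")
+      return unless value
+      value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
+      self.send("#{field}=", value)
     end
   end
 
   def sanitize_columns(with = :full)
-    columns_serialized = self.class.serialized_attributes.keys
     only = eval "xss_terminate_#{with}_options[:only]"
     except = eval "xss_terminate_#{with}_options[:except]"
     unless except.empty?
       only.delete_if{ |i| except.include?( i.to_sym ) }
     end
-    return only, columns_serialized
+    return only
   end
 
   def sanitize_fields_with_full
     sanitizer = Rails::Html::FullSanitizer.new
-    columns, columns_serialized = sanitize_columns(:full)
+    columns = sanitize_columns :full
     columns.each do |column|
-      sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+      sanitize_field sanitizer, column.to_sym
     end
   end
 
   def sanitize_fields_with_white_list
     sanitizer = Rails::Html::WhiteListSanitizer.new
-    columns, columns_serialized = sanitize_columns(:white_list)
+    columns = sanitize_columns :white_list
     columns.each do |column|
-      sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+      sanitize_field sanitizer, column.to_sym
     end
   end
 
@@ -94,7 +85,7 @@ module XssTerminate
     sanitizer = HTML5libSanitize.new
     columns = sanitize_columns(:html5lib)
     columns.each do |column|
-      sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+      sanitize_field sanitizer, column.to_sym
     end
   end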
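Review bot: The rewritten `sanitize_field` (new lines 47-55 of the first hunk) drops the serialized-attribute branch without replacing it, so a serialized (Hash-valued) column listed in a model's xss_terminate options now reaches `sanitizer.sanitize(self[field], ...)` as a Hash rather than having each nested value scrubbed; rails-html-sanitizer builds a fragment from its argument, so this most likely either raises or stringifies the hash, and in neither case is HTML stored inside the hash sanitized as it was before. Since `serialized_attributes` is gone in Rails 5, the cheapest way to keep that coverage without consulting the model's type map is to branch on the loaded value itself, sanitizing each entry when it is a Hash and falling through to the existing string path otherwise, as below. Whether in-place mutation of the hash is tracked as a change by the Rails 5 attribute API is not visible here, so the rewrite reassigns `self[field]` explicitly. The second hunk's `sanitize_fields_with_html5lib` only changes the call site and needs nothing further; its enclosing method starts before that hunk.
```ruby
def sanitize_field sanitizer, field
  field = field.to_sym
  value = self[field]
  # Serialized columns load as a Hash; scrub each entry rather than handing the
  # Hash itself to the sanitizer, so nested user-supplied HTML is still cleaned.
  if value.is_a?(Hash)
    value.each_key do |key|
      value[key] = sanitizer.sanitize(value[key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
    end
    self[field] = value
  elsif value
    self[field] = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
  else
    # … unchanged: send("#{field}") / send("#{field}=") fallback …
  end
end
```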