Commit b3ca57de54a4594e61a5f46bcf7da27126c32032

Authored by Braulio Bhavamitra
1 parent 470c1be1
Exists in rails5

rails5: Don't call droped #serialized_attributes on xss_terminate

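--- a/vendor/plugins/xss_terminate/lib/xss_terminate.rb
+++ b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
@@ -44,49 +44,40 @@ module XssTerminate
 ALLOWED_CORE_ATTRIBUTES | ALLOWED_CUSTOM_ATTRIBUTES
 end
 
-def sanitize_field(sanitizer, field, serialized = false)
+def sanitize_field sanitizer, field
 field = field.to_sym
-if serialized
-puts field
-self[field].each_key { |key|
-key = key.to_sym
-self[field][key] = sanitizer.sanitize(self[field][key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-}
+if self[field]
+self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
 else
-if self[field]
-self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-else
-value = self.send("#{field}")
-return unless value
-value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
-self.send("#{field}=", value)
-end
+value = self.send("#{field}")
+return unless value
+value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
+self.send("#{field}=", value)
 end
 end
 
 def sanitize_columns(with = :full)
-columns_serialized = self.class.serialized_attributes.keys
 only = eval "xss_terminate_#{with}_options[:only]"
 except = eval "xss_terminate_#{with}_options[:except]"
 unless except.empty?
 only.delete_if{ |i| except.include?( i.to_sym ) }
 end
-return only, columns_serialized
+return only
 end
 
 def sanitize_fields_with_full
 sanitizer = Rails::Html::FullSanitizer.new
-columns, columns_serialized = sanitize_columns(:full)
+columns = sanitize_columns :full
 columns.each do |column|
-sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+sanitize_field sanitizer, column.to_sym
 end
 end
 
 def sanitize_fields_with_white_list
 sanitizer = Rails::Html::WhiteListSanitizer.new
-columns, columns_serialized = sanitize_columns(:white_list)
+columns = sanitize_columns :white_list
 columns.each do |column|
-sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+sanitize_field sanitizer, column.to_sym
 end
 end
 
@@ -94,7 +85,7 @@ module XssTerminate
 sanitizer = HTML5libSanitize.new
 columns = sanitize_columns(:html5lib)
 columns.each do |column|
-sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
+sanitize_field sanitizer, column.to_sym
 end
 end
 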
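Review bot: The new `if self[field]` branch in `sanitize_field` (new lines 49–50 of the first hunk) hands whatever `self[field]` holds straight to `sanitizer.sanitize`, so a column declared with `serialize` — which Rails 5 still supports even though `serialized_attributes` was removed — is no longer scrubbed value by value as the removed lines did; the sanitizer will either raise on the Hash or stringify it, and markup stored inside its values is no longer cleaned before it reaches a view. Unless no model in this codebase serializes a sanitized column (not verifiable from this hunk), the per-key path should be kept behind a duck-typed check rather than the dropped `serialized` flag, which also avoids the removed `key = key.to_sym` reassignment that could insert new keys into the hash during `each_key`. The call-site change in the second hunk (the method whose `def` line is outside the hunk) is fine once `sanitize_field` detects the Hash case itself. The `eval "xss_terminate_#{with}_options[...]"` lines in `sanitize_columns` predate this commit, but `send("xss_terminate_#{with}_options")` gives the same lookup without evaluating a built string.
```ruby
def sanitize_field sanitizer, field
  field = field.to_sym
  value = self[field]
  if value.is_a?(Hash)
    # serialized column: scrub each stored value in place, keys untouched
    value.each_key do |key|
      value[key] = sanitizer.sanitize(value[key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
    end
  elsif value
    self[field] = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false, attributes: sanitize_allowed_attributes)
  else
    # … unchanged: accessor fallback via send("#{field}") / send("#{field}=") …
  end
end
```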