diff --git a/config/initializers/sanitizer.rb b/config/initializers/sanitizer.rb
index 10ecf67..fa62ce7 100644
--- a/config/initializers/sanitizer.rb
+++ b/config/initializers/sanitizer.rb
@@ -12,24 +12,3 @@ Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES.merge %w[
   style target codebase archive classid code flashvars scrolling frameborder controls autoplay colspan
 ]
 
-# do not escape COMMENT_NODE
-require 'loofah/scrubber'
-module Loofah
-  class Scrubber
-    private
-
-    def html5lib_sanitize node
-      case node.type
-      when Nokogiri::XML::Node::ELEMENT_NODE
-        if HTML5::Scrub.allowed_element? node.name
-          HTML5::Scrub.scrub_attributes node
-          return Scrubber::CONTINUE
-        end
-      when Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE,Nokogiri::XML::Node::COMMENT_NODE
-        return Scrubber::CONTINUE
-      end
-      Scrubber::STOP
-    end
-
-  end
-end
diff --git a/test/unit/comment_test.rb b/test/unit/comment_test.rb
index 2c84232..a93cc85 100644
--- a/test/unit/comment_test.rb
+++ b/test/unit/comment_test.rb
@@ -188,7 +188,8 @@ class CommentTest < ActiveSupport::TestCase
     owner = create_user('testuser').person
     article = owner.articles.create!(:name => 'test', :body => '...')
     javascript = "<script>alert('XSS')</script>"
-    comment = create(Comment, :article => article, :name => javascript, :title => javascript, :body => javascript, :email => 'cracker@test.org')
+    comment = Comment.new(:source => article, :name => javascript, :title => javascript, :body => javascript, :email => 'cracker@test.org')
+    comment.valid?
     assert_no_match(/<script>/, comment.name)
   end
 
diff --git a/vendor/plugins/xss_terminate/lib/xss_terminate.rb b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
index 341f1a8..1f89200 100644
--- a/vendor/plugins/xss_terminate/lib/xss_terminate.rb
+++ b/vendor/plugins/xss_terminate/lib/xss_terminate.rb
@@ -44,15 +44,15 @@ module XssTerminate
         puts field
         self[field].each_key { |key|
           key = key.to_sym
-          self[field][key] = sanitizer.sanitize(self[field][key])
+          self[field][key] = sanitizer.sanitize(self[field][key], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false)
         }
       else
         if self[field]
-          self[field] = sanitizer.sanitize(self[field])
+          self[field] = sanitizer.sanitize(self[field], scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false)
         else
           value = self.send("#{field}")
           return unless value
-          value = sanitizer.sanitize(value)
+          value = sanitizer.sanitize(value, scrubber: Rails::Html::PermitScrubber.new, encode_special_chars: false)
           self.send("#{field}=", value)
         end
       end
@@ -69,7 +69,7 @@ module XssTerminate
     end
 
     def sanitize_fields_with_full
-      sanitizer = ActionView::Base.full_sanitizer
+      sanitizer = Rails::Html::FullSanitizer.new
       columns, columns_serialized = sanitize_columns(:full)
       columns.each do |column|
         sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
@@ -77,7 +77,7 @@ module XssTerminate
     end
 
     def sanitize_fields_with_white_list
-      sanitizer = ActionView::Base.white_list_sanitizer
+      sanitizer = Rails::Html::WhiteListSanitizer.new
       columns, columns_serialized = sanitize_columns(:white_list)
       columns.each do |column|
         sanitize_field(sanitizer, column.to_sym, columns_serialized.include?(column))
--
libgit2 0.21.2