Migrate to SafeListSanitizer #87

Merged (1 commit) on Apr 27, 2019

@JuanitoFatas
Contributor

JuanitoFatas commented Mar 21, 2019

@kaspth
Contributor

kaspth commented Mar 31, 2019

I merged your other PRs. Since this is a more significant change it would be good to rebase.

@rafaelfranca do you have thoughts on this?

@kaspth
Contributor

kaspth commented Apr 1, 2019

@JuanitoFatas do you want to take a stab at the test failures in another PR? 🙏

@JuanitoFatas
Contributor Author

JuanitoFatas commented Apr 2, 2019

> @JuanitoFatas do you want to take a stab at the test failures in another PR? 🙏

I will fix the tests in this Pull Request 🙇

A fix is in #90.

JuanitoFatas reopened this Apr 2, 2019

SafeList is easier to understand

kaspth merged commit 2191bfe into rails:master Apr 27, 2019

@kaspth
Contributor

kaspth commented Apr 27, 2019

Forgot to get back to this one, thanks!

@jaredbeck

> Add safe_list_sanitizer and deprecate white_list_sanitizer to be removed in 1.2.0.

Is this (removing a method) a breaking change to the public API? If so, SemVer requires a major-version bump.

def white_list_sanitizer
Html::WhiteListSanitizer
ActiveSupport::Deprecation.warn "warning: white_list_sanitizer is" \
"deprecated, please use safe_list_sanitizer instead."

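Review bot: the message passed to `ActiveSupport::Deprecation.warn` opens with "warning:", which duplicates the "DEPRECATION WARNING:" prefix that ActiveSupport::Deprecation already prepends to every message. Drop the leading "warning: " from the string, and consider naming the removal version (1.2.0, as stated for this change) in the message so callers know how long the old name remains available.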
This is missing a space, shows up as "isdeprecated" in deprecation messages.

netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Mar 20, 2020
Update ruby-rails-html-sanitizer to 1.3.0.


## 1.3.0

* Address deprecations in Loofah 2.3.0.

  *Josh Goodall*

## 1.2.0

* Remove needless `white_list_sanitizer` deprecation.

  By deprecating this, we were forcing Rails 5.2 to be updated or spew
  deprecations that users could do nothing about.

  That's pointless and I'm sorry for adding that!

  Now there's no deprecation warning and Rails 5.2 works out of the box, while
  Rails 6 can use the updated naming.

  *Kasper Timm Hansen*

## 1.1.0

* Add `safe_list_sanitizer` and deprecate `white_list_sanitizer` to be removed
  in 1.2.0. rails/rails-html-sanitizer#87

  *Juanito Fatas*

* Remove `href` from LinkScrubber's `tags` as it's not an element.
  rails/rails-html-sanitizer#92

  *Juanito Fatas*

* Explain that we don't need to bump Loofah here if there are CVEs.
  rails/rails-html-sanitizer@d4d823c

  *Kasper Timm Hansen*