Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add <mark> to DEFAULT_ALLOWED_TAGS #180

Merged
merged 1 commit into from
Apr 23, 2024
Merged

Conversation

dogweather
Copy link
Contributor

This is a safe tag and a common use case for sanitize in Rails: It's a semantic tag that's useful when showing search results. Search results can contain user input. Hence, best practice is to run them through sanitize.

E.g., in my code:

sanitize(search_hit_html, tags: %w[mark])

Copy link
Member

@flavorjones flavorjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems reasonable to me.

At some point we should audit the differences between Loofah and R::H::S, because Loofah has allowed this tag since v2.0.0 in 2014.

@dogweather
Copy link
Contributor Author

Maybe a PR to DRY up the code?

@flavorjones flavorjones merged commit a105af7 into rails:main Apr 23, 2024
11 checks passed
@flavorjones
Copy link
Member

@dogweather I want to audit the differences before writing code, I started doing this for attribute in #136 and hope to finish unifying Loofah and R::H::S as much as possible for the next big release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants