Skip to content
Snippets Groups Projects

Don’t recursively sanitize child nodes when called from Sanitize

Merged Brett Walker requested to merge bw-remove-unncessary-child-check into master
Files
2
@@ -11,14 +11,17 @@ module SanitizeNodeLink
# sanitize 6.0 requires only a context argument. Do not add any default
# arguments to this method.
def sanitize_unsafe_links(env)
remove_unsafe_links(env)
# sanitize calls this with every node, so no need to check child nodes
remove_unsafe_links(env, sanitize_children: false)
end
def remove_unsafe_links(env, remove_invalid_links: true)
def remove_unsafe_links(env, remove_invalid_links: true, sanitize_children: true)
node = env[:node]
sanitize_node(node: node, remove_invalid_links: remove_invalid_links)
return unless sanitize_children
# HTML entities such as <video></video> have scannable attrs in
# children elements, which also need to be sanitized.
#
Loading