Fixes issue #3255 - In certain cases not all content of an html email is shown (HTML sanitizer will remove to much)
This commit is contained in:
parent
0b9e6676f8
commit
16872c3c89
3 changed files with 25 additions and 3 deletions
|
@ -1,6 +1,7 @@
|
|||
# content of this tags will also be removed
|
||||
Rails.application.config.html_sanitizer_tags_remove_content = %w[
|
||||
style
|
||||
comment
|
||||
]
|
||||
|
||||
# content of this tags will will be inserted html quoted
|
||||
|
|
|
@ -28,9 +28,6 @@ satinize html string based on whiltelist
|
|||
classes_whitelist = %w[js-signatureMarker yahoo_quoted]
|
||||
attributes_2_css = %w[width height]
|
||||
|
||||
# remove html comments
|
||||
string.gsub!(/<!--.+?-->/m, '')
|
||||
|
||||
scrubber_link = Loofah::Scrubber.new do |node|
|
||||
|
||||
# wrap plain-text URLs in <a> tags
|
||||
|
@ -200,6 +197,15 @@ satinize html string based on whiltelist
|
|||
string = new_string
|
||||
end
|
||||
|
||||
scrubber_tag_remove = Loofah::Scrubber.new do |node|
|
||||
# remove tags with subtree
|
||||
next if tags_remove_content.exclude?(node.name)
|
||||
|
||||
node.remove
|
||||
Loofah::Scrubber::STOP
|
||||
end
|
||||
string = Loofah.fragment(string).scrub!(scrubber_tag_remove).to_s
|
||||
|
||||
Loofah.fragment(string).scrub!(scrubber_link).to_s
|
||||
end
|
||||
rescue Timeout::Error
|
||||
|
|
|
@ -104,6 +104,21 @@ style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MA
|
|||
test 123
|
||||
<blockquote></blockquote>
|
||||
</div>')
|
||||
assert_equal(HtmlSanitizer.strict('<style><!--
|
||||
/* Font Definitions */
|
||||
@font-face
|
||||
{font-family:"Cambria Math";
|
||||
panose-1:2 4 5 3 5 4 6 3 2 4;}
|
||||
{page:WordSection1;}</style><!--[if gte mso 9]><xml>
|
||||
<o:shapedefaults v:ext="edit" spidmax="1026" />
|
||||
</xml><![endif]--><!--[if gte mso 9]><xml>
|
||||
<o:shapelayout v:ext="edit">
|
||||
<o:idmap v:ext="edit" data="1" />
|
||||
</o:shapelayout></xml><![endif]-->
|
||||
<div>123</div>
|
||||
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1">abc</a></div>'), '
|
||||
<div>123</div>
|
||||
<a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2">abc</a>')
|
||||
assert_equal(HtmlSanitizer.strict('<table><tr style="font-size: 0"><td>123</td></tr></table>'), '<table><tr><td>123</td></tr></table>')
|
||||
assert_equal(HtmlSanitizer.strict('<table><tr style="font-size: 0px"><td>123</td></tr></table>'), '<table><tr><td>123</td></tr></table>')
|
||||
assert_equal(HtmlSanitizer.strict('<table><tr style="font-size:0"><td>123</td></tr></table>'), '<table><tr><td>123</td></tr></table>')
|
||||
|
|
Loading…
Reference in a new issue