diff --git a/app/models/concerns/checks_html_sanitized.rb b/app/models/concerns/checks_html_sanitized.rb
index 0247fc427..147125a8e 100644
--- a/app/models/concerns/checks_html_sanitized.rb
+++ b/app/models/concerns/checks_html_sanitized.rb
@@ -9,7 +9,7 @@ module ChecksHtmlSanitized
 def sanitized_html_attributes
 html_attributes = self.class.instance_variable_get(:@sanitized_html) || []
- return true if html_attributes.empty?
+ return true if html_attributes.blank?
 html_attributes.each do |attribute|
 value = send(attribute)
diff --git a/lib/html_sanitizer.rb b/lib/html_sanitizer.rb
index 5abb5b979..67e0b046b 100644
--- a/lib/html_sanitizer.rb
+++ b/lib/html_sanitizer.rb
@@ -19,6 +19,9 @@ satinize html string based on whiltelist
 classes_whitelist = ['js-signatureMarker']
 attributes_2_css = %w(width height)
+ # remove html comments
+ string.gsub!(//m, '')
+
 scrubber_link = Loofah::Scrubber.new do |node|
 # check if href is different to text
@@ -64,7 +67,7 @@ satinize html string based on whiltelist
 urls.push match[1].to_s.strip
 end
 end
- next if urls.empty?
+ next if urls.blank?
 add_link(node.content, urls, node)
 end
 end
@@ -136,7 +139,7 @@ satinize html string based on whiltelist
 # move style attributes to css attributes
 attributes_2_css.each do |key|
 next if !node[key]
- if node['style'].empty?
+ if node['style'].blank?
 node['style'] = ''
 else
 node['style'] += ';'
@@ -343,7 +346,7 @@ cleanup html string:
 end
 def self.add_link(content, urls, node)
- if urls.empty?
+ if urls.blank?
 text = Nokogiri::XML::Text.new(content, node.document)
 node.add_next_sibling(text)
 return
diff --git a/test/unit/html_sanitizer_test.rb b/test/unit/html_sanitizer_test.rb
index e29b71c8e..77d03f4c3 100644
--- a/test/unit/html_sanitizer_test.rb
+++ b/test/unit/html_sanitizer_test.rb
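Review bot: The added `string.gsub!(//m, '')` in the `@@ -19,6 +19,9 @@` hunk of lib/html_sanitizer.rb mutates the caller's string in place, so a frozen input (a literal under `# frozen_string_literal: true`, or a frozen model attribute) would raise FrozenError before any sanitizing happens; the non-destructive form `string = string.gsub(PATTERN, '')` keeps the method's input untouched and behaves the same otherwise. The pattern as rendered on this page is empty (`//m`), which matches the empty string at every position and strips nothing — presumably the real comment pattern was lost when the page was rendered, but it is worth confirming against the committed file, and a comment stating the intended match (`# strip HTML comments before Loofah parses the markup`) would make the intent checkable. The enclosing method starts outside the hunk, so whether `string` is the parameter or a local copy cannot be seen here.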
@@ -75,6 +75,37 @@ tt p://6 6.000146.0x7.147/">XSS', true), 'XSS ('), 'alert(1)') assert_equal(HtmlSanitizer.strict(''), 'http://example.com') assert_equal(HtmlSanitizer.strict('', true), 'http://example.com') + assert_equal(HtmlSanitizer.strict('
+ +test 123 +
'), '
+ +test 123 +
+
') + end end