Update protocol whitelist for rails-html-sanitizer

TracksApp · May 23, 2016 · 3ecf9d6 · 3ecf9d6
1 parent d42bf51
commit 3ecf9d6
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 3 deletions.
diff --git a/config/application.rb b/config/application.rb
@@ -34,9 +34,6 @@ class Application < Rails::Application
     # configure Tracks to handle deployment in a subdir
     config.relative_url_root = SITE_CONFIG['subdir'] if SITE_CONFIG['subdir']
 
-    # allow onenote:// and message:// as protocols for urls
-    config.action_view.sanitized_allowed_protocols = 'onenote', 'message'
-
     config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::XmlParamsParser
   end
 end
diff --git a/config/initializers/sanitizer.rb b/config/initializers/sanitizer.rb
@@ -0,0 +1 @@
+Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.merge(%w(message onenote))
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.merge(%w(message onenote))