rails/rails-html-sanitizer

Calling "Rails::Html::SafeListSanitizer.new(prune: true)" results in "ArgumentError (unknown keyword: :prune)"

mayesgr opened this issue · 8 comments

Hi there and thanks for your contributions to open source, Rails, and security!

Am I doing something wrong? I'm following the documentation in the README and when I try to instantiate a new SafeListSanitizer or TargetScrubber object with "prune: true" I get an ArgumentError:

root@host:/apps/my-app# grep -i sanitizer Gemfile.lock 
      rails-html-sanitizer (~> 1.0, >= 1.2.0)
      rails-html-sanitizer (~> 1.1, >= 1.2.0)
    rails-html-sanitizer (1.4.3)
  rails-html-sanitizer

root@host:/apps/my-app# rails c
Loading development environment (Rails 7.0.3.1)

2.7.4 :001 > Rails::Html::SafeListSanitizer.new
 => #<Rails::Html::SafeListSanitizer:0x00000000071631c0 @permit_scrubber=#<Rails::Html::PermitScrubber:0x0000000007163198 @direction=:bottom_up, @tags=nil, @attributes=nil>> 

2.7.4 :002 > Rails::Html::SafeListSanitizer.new(prune: true)
Traceback (most recent call last):
        2: from (irb):2
        1: from (irb):2:in `new'
ArgumentError (unknown keyword: :prune)

2.7.4 :003 > Rails::Html::TargetScrubber.new
 => #<Rails::Html::TargetScrubber:0x0000000006e8eb70 @direction=:bottom_up, @tags=nil, @attributes=nil> 

2.7.4 :004 > Rails::Html::TargetScrubber.new(prune: true)
Traceback (most recent call last):
        3: from (irb):2
        2: from (irb):3:in `rescue in irb_binding'
        1: from (irb):3:in `new'
ArgumentError (unknown keyword: :prune)

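The "unknown keyword: :prune" failure above only surfaces when the sanitizer is instantiated, which in many apps means the first request that renders sanitized content. The following is an added example, not code from this issue or from rails-html-sanitizer: it checks a scrubber's initializer for the keyword at boot (using Ruby's Method#parameters) and refuses to start rather than silently falling back to the non-pruning behaviour, which keeps the text content of removed elements. `accepts_keyword?` and `build_scrubber` are hypothetical helpers, and `OldScrubber` / `NewScrubber` are constructed stand-ins for the released initializer with no keyword and a later one that accepts `prune:`; in a real app you would pass `Rails::Html::PermitScrubber` in their place.

```ruby
# Added example (not part of the issue or of rails-html-sanitizer): detect at
# boot whether a scrubber's initializer accepts a keyword before passing it,
# so a missing feature fails in one obvious place instead of raising
# ArgumentError (unknown keyword) inside a request.

# Returns true if `klass.new` accepts the keyword argument `kw`.
# Method#parameters reports keyword args as [:key, name] / [:keyreq, name];
# a `**opts` splat shows up as [:keyrest, name] and accepts anything.
def accepts_keyword?(klass, kw)
  klass.instance_method(:initialize).parameters.any? do |type, name|
    ((type == :key || type == :keyreq) && name == kw) || type == :keyrest
  end
end

# Build the scrubber with prune: true only when the installed version supports
# it; otherwise raise a clear configuration error. Never rescue ArgumentError
# here and fall back to klass.new: that would quietly change sanitizer
# behaviour from "drop the element and its content" to "drop only the tag".
def build_scrubber(klass, prune: true)
  if prune && !accepts_keyword?(klass, :prune)
    raise ArgumentError,
          "#{klass} does not accept prune:; upgrade rails-html-sanitizer"
  end
  prune ? klass.new(prune: true) : klass.new
end

# Constructed stand-ins (hypothetical) mirroring the two initializers involved:
# OldScrubber takes no keywords, like the 1.4.3 release seen in the console
# transcript; NewScrubber accepts prune:, like a release that has the feature.
class OldScrubber
  attr_reader :direction
  def initialize
    @direction = :bottom_up
  end
end

class NewScrubber
  attr_reader :direction, :prune
  def initialize(prune: false)
    @direction = :bottom_up
    @prune = prune
  end
end

if __FILE__ == $0
  puts accepts_keyword?(OldScrubber, :prune)  # false
  puts accepts_keyword?(NewScrubber, :prune)  # true
  puts build_scrubber(NewScrubber).prune      # true
  begin
    build_scrubber(OldScrubber)
  rescue ArgumentError => e
    puts e.message
  end
end
```

Run the check from an initializer so a deploy with an older gem fails at boot; the version-agnostic introspection means it keeps working whichever release finally ships the keyword.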
Hi @mayesgr, sorry for the confusion here. This feature isn't in a release yet -- see https://github.com/rails/rails-html-sanitizer/blob/master/CHANGELOG.md for that information.

I'll try to cut a release this week with this feature in it.

This is delayed a bit while I validate and triage a vulnerability report. Thanks for your patience.

Hey @flavorjones any sign of that release? We lost some time to the fact that the README is updated but the release is not. No worries if it's still stalled, but perhaps revert the changes to the README to avoid confusion for others?

@jalada Thanks for the poke. I've been delaying because there's a security release that's close to shipping and I want to get that out before a feature release. If it doesn't come together in the next few days I'll ship the feature release.

Security release is getting closer, apologies again for delaying this feature release.

Hi there @flavorjones!

Echoing @jalada's comment - I've been trying to make this work at a rails console for a while, only to finally compare the gem source and the repo source, and spot the gap. Even if you just note in the README that it's not released yet, that would be helpful.

Obvi the best outcome would be for the pruning to be released. How's the security release coming?

Thank you for your maintenance work ❤️

Thanks for the nudge. The security release went out last month but I didn't circle back to this feature release. I'll do that now!