sanitize without encode special chars
madmax opened this issue · 0 comments
madmax commented
Currently when we sanitize (using rails strip_tags helper for example) text, it encodes \r chars. For example:
ActionController::Base.helpers.strip_tags("test\r\n\r\ntest") #=> "test \n \ntest"
We should pass encode_special_chars: false to the Loofah.fragment.text method to avoid it.
Loofah.fragment("test\r\n\r\ntest").text(encode_special_chars: false) #=> "test\r\n\r\ntest"
Having text with encoded \r causes problems when transforming it using, for example, the textile rails helper - it stops producing paragraphs. (Rails uses RedCloth for it.) Example:
RedCloth.new("test \n \ntest").to_html #=> "<p>test <br />\n <br />\ntest</p>"
RedCloth.new("test\r\n\r\ntest").to_html #=> "<p>test</p>\n<p>test</p>"
By the way, sanitize from Rails::Html::WhiteListSanitizer doesn't encode special chars :)
ActionController::Base.helpers.sanitize("test\r\n\r\ntest") #=> "test\r\n\r\ntest"
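
An alternative to switching encoding off, as an added example that is not part of the original issue or of the Rails/Loofah code: Loofah documents the output of text(encode_special_chars: false) as not safe for browsers, so this restores only the encoded carriage returns and leaves every other entity encoded. The entity spellings (`&#13;`, `&#xD;`), the helper names and the sample string are assumptions, and `paragraphs` is a simplified stand-in for a textile block splitter, not RedCloth.

```ruby
# Added example, not code from the issue or from Rails/Loofah.
# Assumption: the sanitizer emits "\r" as a numeric character reference
# such as "&#13;" (decimal) or "&#xD;" (hex).
ENCODED_CR = /&#(?:0*13|[xX]0*[dD]);/

# Turn only encoded carriage returns back into "\r"; every other entity
# (&lt;, &gt;, &amp;, ...) stays encoded, so the text remains HTML-safe.
def restore_carriage_returns(escaped_text)
  escaped_text.gsub(ENCODED_CR, "\r")
end

# Simplified stand-in for a textile-style block splitter (hypothetical, not
# RedCloth): a paragraph break is two or more consecutive line endings.
def paragraphs(text)
  text.split(/(?:\r?\n){2,}/).reject(&:empty?)
end

# True when no raw markup characters and no bare ampersands are present.
def still_escaped?(text)
  !text.match?(/[<>]/) && !text.match?(/&(?!#?\w+;)/)
end

# Constructed sample: escaped markup, encoded CRs, and a literal "&#13;"
# typed by a user, which arrives double-encoded as "&amp;#13;".
SAMPLE = "a &lt;b&gt;&#13;\n&#13;\nb &amp;#13; c&#xD;\n"

if __FILE__ == $PROGRAM_NAME
  fixed = restore_carriage_returns(SAMPLE)
  p paragraphs(SAMPLE)     # one block: the encoded CRs hide the blank line
  p paragraphs(fixed)      # two blocks once "\r\n\r\n" is restored
  p still_escaped?(fixed)  # markup entities were left untouched
end
```

The double-encoded `&amp;#13;` is deliberately left alone: it represents text the user typed, not a line ending.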