rails/rails-html-sanitizer

rails-html-sanitizer 1.0.3 crashes with both ruby 2.3.0p0 & ruby 2.2.2p95

phearle opened this issue · 4 comments

Hi,

I'm having an issue where rails-html-sanitizer seems to be causing a VM crash for both ruby 2.2.2p95 and ruby 2.3.0p0 when sending email via ActionMailer. I've reproduced this crash with Rails 4.2.5, 4.2.5.1 and 4.2.6.

In each case I can fix the crash by specifying rails-html-sanitizer 1.0.2 in our Gemfile. With everything else being equal (no other differences in the Gemfile.lock file) 1.0.3 will reliably cause a crash when sending email via ActionMailer and 1.0.2 will not. Our fix, for the moment, is to lock rails-html-sanitizer at version 1.0.2.

Any suggestions as to why 1.0.3 might be consistently causing or enabling Ruby VM Crashes when sending email?

I've attached two Ruby VM dumps from Apache's error log.
ruby-crash-2_3_0p0-apache_error.log.gz

ruby-crash-2_2_2p95-apache_error.log.gz

Does the nokogiri version also change with the rails-html-sanitizer version?

Yes, it does when upgrading to 1.0.3 from 1.0.2. I must have missed this the first time.

However, if I downgrade rails-html-sanitizer back to 1.0.2 via the Gemfile and bundler, nokogiri is not downgraded (stays at 1.6.7.2) and the crashes no longer happen.

Always crashes:
rails-html-sanitizer 1.0.3
nokogiri 1.6.7.2

Cannot reproduce crash:
rails-html-sanitizer 1.0.2
nokogiri 1.6.7.2
and
rails-html-sanitizer 1.0.2
nokogiri 1.6.7

The crash issue has been reproduced on Ubuntu 15.10, 14.04 LTS, and 10.04.4 LTS.

According to the error log, this crash comes from the polyglot gem and it is not related to this gem. Could you confirm that it was not changed?

Also, the mail gem is in that log.