Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer....

Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer. This means it'll return false if called with false, however that is not a valid use case.

Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer....
Now returning html if html is blank? in FullSanitizer and WhiteListSanitizer. This means it'll return false if called with false, however that is not a valid use case.
0a0d151b · Timm · 5430487d · 0a0d151b · 0a0d151b
2 changed file
--- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb
 require 'active_support/core_ext/class/attribute'
+require 'active_support/core_ext/object/blank'
 require 'active_support/deprecation'
 require 'action_view/helpers/sanitize_helper/scrubbers'

@@ -25,7 +26,7 @@ def remove_xpaths(html, xpaths)
  class FullSanitizer < Sanitizer
    def sanitize(html, options = {})
      return unless html
-      return html if html.empty?
+      return html if html.blank?

      Loofah.fragment(html).tap do |fragment|
        remove_xpaths(fragment, XPATHS_TO_REMOVE)
@@ -51,6 +52,7 @@ def initialize

    def sanitize(html, options = {})
      return unless html
+      return html if html.blank?

      loofah_fragment = Loofah.fragment(html)


--- a/actionview/test/template/sanitizers_test.rb
+++ b/actionview/test/template/sanitizers_test.rb
@@ -219,7 +219,7 @@ def test_should_allow_custom_tags_with_custom_attributes
  def test_should_raise_argument_error_if_tags_is_not_enumerable
    sanitizer = ActionView::WhiteListSanitizer.new
    e = assert_raise(ArgumentError) do
-      sanitizer.sanitize('', :tags => 'foo')
+      sanitizer.sanitize('<a>some html</a>', :tags => 'foo')
    end

    assert_equal "You should pass :tags as an Enumerable", e.message
@@ -228,7 +228,7 @@ def test_should_raise_argument_error_if_tags_is_not_enumerable
  def test_should_raise_argument_error_if_attributes_is_not_enumerable
    sanitizer = ActionView::WhiteListSanitizer.new
    e = assert_raise(ArgumentError) do
-      sanitizer.sanitize('', :attributes => 'foo')
+      sanitizer.sanitize('<a>some html</a>', :attributes => 'foo')
    end

    assert_equal "You should pass :attributes as an Enumerable", e.message
@@ -242,7 +242,7 @@ def scrub(node); node.name = 'h1'; end
    end

    assert_raise Loofah::ScrubberNotFound do
-      sanitizer.sanitize('', :scrubber => scrubber)
+      sanitizer.sanitize('<a>some html</a>', :scrubber => scrubber)
    end
  end