FIX: OpenGraph tags not fully sanitized

2024-11-22 19:46:55 +08:00 · 2013-03-22 12:32:56 +01:00 · 2013-03-22 12:32:56 +01:00 · 2ab08ef21d
commit 2ab08ef21d
parent 664915fcd2
2 changed files with 9 additions and 3 deletions
--- a/lib/summarize.rb
+++ b/lib/summarize.rb
@ -1,9 +1,10 @@
 # Summarize a HTML field into regular text. Used currently
 # for meta tags

-class Summarize
-  include ActionView::Helpers
+require 'sanitize'

+class Summarize
+  
  def initialize(text)
    @text = text
  end
@ -15,7 +16,7 @@ class Summarize
  def summary
    return nil if @text.blank?

-    result = sanitize(@text, tags: [], attributes: [])
+    result = Sanitize.clean(@text)
    result.gsub!(/\n/, ' ')
    result.strip!

--- a/spec/components/summarize_spec.rb
+++ b/spec/components/summarize_spec.rb
@ -15,6 +15,11 @@ describe Summarize do
    Summarize.new("hello <b>robin</b>").summary.should == "hello robin"
  end

+  it "removes doctype entries" do
+    # this is not valid html but this is just testing DOCTYPE entries
+    Summarize.new("<!DOCTYPE html>Discourse").summary.should == "Discourse"
+  end
+
  it "strips leading and trailing space" do
    Summarize.new("\t  \t hello   \t ").summary.should == "hello"
  end