FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770)
parent
5ce5ff053e
commit
7b5f7b4484
|
@ -6,7 +6,7 @@ module HasSanitizableFields
|
|||
def sanitize_field(field, additional_attributes: [])
|
||||
if field
|
||||
sanitizer = Rails::Html::SafeListSanitizer.new
|
||||
allowed_attributes = Rails::Html::SafeListSanitizer.allowed_attributes
|
||||
allowed_attributes = Rails::Html::SafeListSanitizer.allowed_attributes.dup
|
||||
|
||||
if additional_attributes.present?
|
||||
allowed_attributes = allowed_attributes.merge(additional_attributes)
|
||||
|
|
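Review bot: The `.dup` on the new `allowed_attributes` line is the whole fix, yet nothing in the hunk says why it is needed, so a later cleanup could drop it and quietly re-widen the sanitizer allowlist for every caller in the process. `merge` a few lines further down mutates its receiver (the `allowed_attributes = ...` reassignment hides that), which is presumably how the shared class-level default was being changed before this commit. I would either add a comment such as `# dup: merge below mutates the set; never touch the class-level default`, or build the per-call set non-destructively with `allowed_attributes |= additional_attributes` so the code stays safe even without the dup. A spec that calls `sanitize_field` with `additional_attributes` and then asserts `Rails::Html::SafeListSanitizer.allowed_attributes` is unchanged would pin the behaviour down, if the commit does not already carry one outside this view. The body of `sanitize_field` continues past the end of the hunk.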