From abffcd9f94a1763cd5bfa6201e8d04c4d7104e6b Mon Sep 17 00:00:00 2001
From: Robin Ward <robin.ward@gmail.com>
Date: Tue, 4 Feb 2014 12:48:14 -0500
Subject: [PATCH] FIX: Blacklist `<textarea>`

---
 .../javascripts/defer/html-sanitizer-bundle.js    | 15 ---------------
 test/javascripts/lib/markdown_test.js             |  1 +
 2 files changed, 1 insertion(+), 15 deletions(-)

diff --git a/app/assets/javascripts/defer/html-sanitizer-bundle.js b/app/assets/javascripts/defer/html-sanitizer-bundle.js
index f8bcc95e87a..683ecc9ab6d 100644
--- a/app/assets/javascripts/defer/html-sanitizer-bundle.js
+++ b/app/assets/javascripts/defer/html-sanitizer-bundle.js
@@ -987,19 +987,6 @@ html4.ATTRIBS = {
   'select::size': 0,
   'select::tabindex': 0,
   'source::type': 0,
-  'textarea::accesskey': 0,
-  'textarea::autocomplete': 0,
-  'textarea::disabled': 0,
-  'textarea::inputmode': 0,
-  'textarea::name': 8,
-  'textarea::onblur': 2,
-  'textarea::onchange': 2,
-  'textarea::onfocus': 2,
-  'textarea::onselect': 2,
-  'textarea::placeholder': 0,
-  'textarea::readonly': 0,
-  'textarea::tabindex': 0,
-  'textarea::wrap': 0,
   'track::default': 0,
   'track::kind': 0,
   'track::label': 0,
@@ -1136,7 +1123,6 @@ html4.ELEMENTS = {
   'table': 272,
   'tbody': 273,
   'td': 273,
-  'textarea': 8,
   'tfoot': 1,
   'th': 273,
   'thead': 273,
@@ -1259,7 +1245,6 @@ html4.ELEMENT_DOM_INTERFACES = {
   'table': 'HTMLTableElement',
   'tbody': 'HTMLTableSectionElement',
   'td': 'HTMLTableDataCellElement',
-  'textarea': 'HTMLTextAreaElement',
   'tfoot': 'HTMLTableSectionElement',
   'th': 'HTMLTableHeaderCellElement',
   'thead': 'HTMLTableSectionElement',
diff --git a/test/javascripts/lib/markdown_test.js b/test/javascripts/lib/markdown_test.js
index a36f0f37547..dcfee8acea4 100644
--- a/test/javascripts/lib/markdown_test.js
+++ b/test/javascripts/lib/markdown_test.js
@@ -349,6 +349,7 @@ test("sanitize", function() {
   cooked("<iframe src=\"https://www.google.com/maps/embed?pb=!1m10!1m8!1m3!1d2624.9983685732213!2d2.29432085!3d48.85824149999999!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sen!2s!4v1385737436368\" width=\"100\" height=\"42\"></iframe>",
          "<iframe src=\"https://www.google.com/maps/embed?pb=!1m10!1m8!1m3!1d2624.9983685732213!2d2.29432085!3d48.85824149999999!3m2!1i1024!2i768!4f13.1!5e0!3m2!1sen!2s!4v1385737436368\" width=\"100\" height=\"42\"></iframe>",
          "it allows iframe to google maps");
+  equal(sanitize("<textarea>hullo</textarea>"), "hullo");
 });
 
 test("URLs in BBCode tags", function() {