Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- `Gemfile`:
  We updated httplog in a separate commit.
  Took upstream's change which updated it further.
- `Gemfile.lock`:
  We updated httplog in a separate commit.
  Took upstream's change which updated it further.
- `app/lib/sanitize_config.rb`:
  Upstream added better unsupported link stripping,
  while we had different sanitizing configs.
  Took only upstream's link stripping code.
- `config/locales/simple_form.pl.yml`:
  Strings unused in glitch-soc had been removed from
  glitch-soc, reintroduced them even if they are not
  useful, to reduce the risk of later merge conflicts.

1 files changed, 16 insertions, 0 deletions

diff --git a/spec/lib/sanitize_config_spec.rb b/spec/lib/sanitize_config_spec.rb
index c5143bcef..0a812e872 100644
--- a/spec/lib/sanitize_config_spec.rb
+++ b/spec/lib/sanitize_config_spec.rb
@@ -14,5 +14,21 @@ describe Sanitize::Config do
     it 'keeps ul' do
       expect(Sanitize.fragment('<p>Check out:</p><ul><li>Foo</li><li>Bar</li></ul>', subject)).to eq '<p>Check out:</p><ul><li>Foo</li><li>Bar</li></ul>'
     end
+
+    it 'removes a without href' do
+      expect(Sanitize.fragment('<a>Test</a>', subject)).to eq 'Test'
+    end
+
+    it 'removes a without href and only keeps text content' do
+      expect(Sanitize.fragment('<a><span class="invisible">foo&amp;</span><span>Test</span></a>', subject)).to eq 'foo&amp;Test'
+    end
+
+    it 'removes a with unsupported scheme in href' do
+      expect(Sanitize.fragment('<a href="foo://bar">Test</a>', subject)).to eq 'Test'
+    end
+
+    it 'keeps a with href' do
+      expect(Sanitize.fragment('<a href="http://example.com">Test</a>', subject)).to eq '<a href="http://example.com" rel="nofollow noopener noreferrer" target="_blank">Test</a>'
+    end
   end
 end