diff options
-rw-r--r-- | app/lib/sanitize_config.rb | 8 | ||||
-rw-r--r-- | spec/lib/formatter_spec.rb | 2 |
2 files changed, 5 insertions, 5 deletions
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb index f09288fcd..c2b466924 100644 --- a/app/lib/sanitize_config.rb +++ b/app/lib/sanitize_config.rb @@ -6,14 +6,14 @@ class Sanitize CLASS_WHITELIST_TRANSFORMER = lambda do |env| node = env[:node] - class_list = node['class']&.split(' ') + class_list = node['class']&.split(/[\t\n\f\r ]/) return unless class_list class_list.keep_if do |e| - return true if e =~ /^(h|p|u|dt|e)-/ # microformats classes - return true if e =~ /^(mention|hashtag)$/ # semantic classes - return true if e =~ /^(ellipsis|invisible)$/ # link formatting classes + next true if e =~ /^(h|p|u|dt|e)-/ # microformats classes + next true if e =~ /^(mention|hashtag)$/ # semantic classes + next true if e =~ /^(ellipsis|invisible)$/ # link formatting classes end node['class'] = class_list.join(' ') diff --git a/spec/lib/formatter_spec.rb b/spec/lib/formatter_spec.rb index 71b6b78d2..e79be3645 100644 --- a/spec/lib/formatter_spec.rb +++ b/spec/lib/formatter_spec.rb @@ -332,7 +332,7 @@ RSpec.describe Formatter do end context 'contains malicious classes' do - let(:text) { '<span class="status__content__spoiler-link">Show more</span>' } + let(:text) { '<span class="mention status__content__spoiler-link">Show more</span>' } it 'strips malicious classes' do is_expected.to_not include 'status__content__spoiler-link' |