about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--app/lib/sanitize_config.rb8
-rw-r--r--spec/lib/formatter_spec.rb2
2 files changed, 5 insertions, 5 deletions
diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index f09288fcd..c2b466924 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -6,14 +6,14 @@ class Sanitize
 
     CLASS_WHITELIST_TRANSFORMER = lambda do |env|
       node = env[:node]
-      class_list = node['class']&.split(' ')
+      class_list = node['class']&.split(/[\t\n\f\r ]/)
 
       return unless class_list
 
       class_list.keep_if do |e|
-        return true if e =~ /^(h|p|u|dt|e)-/ # microformats classes
-        return true if e =~ /^(mention|hashtag)$/ # semantic classes
-        return true if e =~ /^(ellipsis|invisible)$/ # link formatting classes
+        next true if e =~ /^(h|p|u|dt|e)-/ # microformats classes
+        next true if e =~ /^(mention|hashtag)$/ # semantic classes
+        next true if e =~ /^(ellipsis|invisible)$/ # link formatting classes
       end
 
       node['class'] = class_list.join(' ')
diff --git a/spec/lib/formatter_spec.rb b/spec/lib/formatter_spec.rb
index 71b6b78d2..e79be3645 100644
--- a/spec/lib/formatter_spec.rb
+++ b/spec/lib/formatter_spec.rb
@@ -332,7 +332,7 @@ RSpec.describe Formatter do
     end
 
     context 'contains malicious classes' do
-      let(:text) { '<span class="status__content__spoiler-link">Show more</span>' }
+      let(:text) { '<span class="mention	status__content__spoiler-link">Show more</span>' }
 
       it 'strips malicious classes' do
         is_expected.to_not include 'status__content__spoiler-link'