Type	To find
responsible:me	tickets assigned to you
tagged:"@high"	tickets tagged @high
milestone:next	tickets in the upcoming milestone
state:invalid	tickets with the state invalid
created:"last week"	tickets created last week
sort:number, importance, updated	tickets sorted by #, importance or updated
Combine keywords for powerful searching.
Use advanced searching »

This project is archived and is in readonly mode.

#2393 ✓resolved

WhiteListSanitizer allows dt and dd but not dl

Reported by Nancy McLaughlin | April 1st, 2009 @ 04:04 PM | in 2.x

In /actionpack/lib/action_controller/vendor/html-scanner/html/sanitizer.rb there's this:

Specifies the default Set of tags that the

sanitize helper will allow unscathed.

self.allowed_tags = Set.new(%w(strong em b i p code pre tt samp kbd var sub sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dt dd abbr acronym a img blockquote del ins))

I can't think of any reason to allow dt and dd tags and not dl (in fact, stripping out the dl tags leaves you with invalid html), so I'm wondering if that's just an oversight.

Comments and changes to this ticket

You flagged this item as spam.
Jeff April 4th, 2009 @ 03:38 PM
+1 there's no point in allowing dt and dd if you can't use dl.

http://www.w3schools.com/TAGS/ta...

see (simple) patch
- 0001-adding-dl-to-WhiteListSanitizer-since-dt-and-dd-are.patch 1.2 KB
You flagged this item as spam.
Jeff April 5th, 2009 @ 03:17 AM
- Tag changed from “bug, sanitize” to “bug, patch, sanitize”
You flagged this item as spam.
Henrik Nyh April 5th, 2009 @ 03:30 PM
- Tag changed from “bug, patch, sanitize” to “bug, patch, sanitize, tiny”
+1
Ryan Bigg April 21st, 2009 @ 12:25 AM
+1
You flagged this item as spam.
Jeff April 21st, 2009 @ 12:40 AM
- Tag changed from “bug, patch, sanitize, tiny” to “bug, patch, sanitize, tiny, verified”
Repository May 17th, 2009 @ 01:31 PM
- State changed from “new” to “resolved”
(from [842dab0c29bb05b98856aeb333bb0c2d14601a50]) Ensure WhiteListSanitizer allows dl tag [#2393 state:resolved]

Signed-off-by: Pratik Naik pratiknaik@gmail.com
http://github.com/rails/rails/commit/842dab0c29bb05b98856aeb333bb0c...
You flagged this item as spam.
Jennifer Luo October 5th, 2010 @ 03:44 PM
- Importance changed from “” to “”
Anothing missing tag u. It's not in allowed_tag

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Shared Ticket Bins (Sort)

↓↑ drag 455 Open Bugs
↓↑ drag 0 Recent Open Tickets
↓↑ drag 87 Open Patches
↓↑ drag 0 Open Doc Patches
↓↑ drag 542 Stale Tickets
↓↑ drag 3 Verified Patches
↓↑ drag 87 Stale Patches
↓↑ drag 0 Yesterday's Tickets
↓↑ drag 0 Two Days Ago
↓↑ drag 0 This Week
↓↑ drag 0 Last Week
↓↑ drag 7 Bugmash
↓↑ drag 0 Bugmash review queue
↓↑ drag 5 Rails 3 High Priority Tickets

People watching this ticket

Attachments

0001-adding-dl-to-WhiteList... 1.2 KB

Referenced by

2393 WhiteListSanitizer allows dt and dd but not dl (from [842dab0c29bb05b98856aeb333bb0c2d14601a50]) Ensure ...

Rails Ruby on Rails → 2.x

WhiteListSanitizer allows dt and dd but not dl

Specifies the default Set of tags that the