Update protocol whitelist for rails-html-sanitizer

config/application.rb

@@ -34,9 +34,6 @@ module Tracksapp
     # configure Tracks to handle deployment in a subdir
     config.relative_url_root = SITE_CONFIG['subdir'] if SITE_CONFIG['subdir']
 
-    # allow onenote:// and message:// as protocols for urls
-    config.action_view.sanitized_allowed_protocols = 'onenote', 'message'
-
     config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::XmlParamsParser
   end
 end

config/initializers/sanitizer.rb

@@ -0,0 +1 @@
+Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.merge(%w(message onenote))