Andreas/tracks
1
0
Fork 0
mirror of https://github.com/TracksApp/tracks.git synced 2026-02-26 09:04:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update protocol whitelist for rails-html-sanitizer

Browse source
This commit is contained in:
Dan Rice 2016-05-21 20:18:35 -04:00
parent d42bf5141e
commit 3ecf9d6cfc
2 changed files with 1 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/application.rb
View file

@ -34,9 +34,6 @@ module Tracksapp
# configure Tracks to handle deployment in a subdir # configure Tracks to handle deployment in a subdir
config.relative_url_root = SITE_CONFIG['subdir'] if SITE_CONFIG['subdir'] config.relative_url_root = SITE_CONFIG['subdir'] if SITE_CONFIG['subdir']
# allow onenote:// and message:// as protocols for urls
config.action_view.sanitized_allowed_protocols = 'onenote', 'message'
config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::XmlParamsParser config.middleware.insert_after ActionDispatch::ParamsParser, ActionDispatch::XmlParamsParser
end end
end end

1
config/initializers/sanitizer.rb Normal file
View file

@ -0,0 +1 @@
Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS.merge(%w(message onenote))