Use an HTML5 standards-compliant sanitizer

2023-10-27 17:46:58 +01:00 · 2023-10-27 17:46:58 +01:00 · 64f2517426
commit 64f2517426
parent 4c6a56d002
1 changed files with 2 additions and 2 deletions
--- a/config/initializers/new_framework_defaults_7_1.rb
+++ b/config/initializers/new_framework_defaults_7_1.rb
@ -195,7 +195,7 @@ Rails.application.config.active_record.generate_secure_token_on = :initialize
 #
 # In previous versions of Rails, Action View always used `Rails::HTML4::Sanitizer` as its vendor.
 #
-# Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor
+Rails.application.config.action_view.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor

 # Configure Action Text to use an HTML5 standards-compliant sanitizer when it is supported on your
 # platform.
@ -205,7 +205,7 @@ Rails.application.config.active_record.generate_secure_token_on = :initialize
 #
 # In previous versions of Rails, Action Text always used `Rails::HTML4::Sanitizer` as its vendor.
 #
-# Rails.application.config.action_text.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor
+Rails.application.config.action_text.sanitizer_vendor = Rails::HTML::Sanitizer.best_supported_vendor

 # Configure the log level used by the DebugExceptions middleware when logging
 # uncaught exceptions during requests