We’re delegating escaping and sanitisation to ActionView#sanitize. The last commit is 6 years old and the rails dependency is specified as > 3.1 so it’s only natural that the test suite was no longer up-to-date.
Current behaviour on Rails 7.0.3.1:
1. Self-closing tags no longer have / before >.
2. & is escaped as %amp;.
3. Safe part of malicious content is rendered.
4. target attribute is rendered before href.
5. + is escaped in mailto link.
Notice that 2. illustrates that auto linking emails with & behaves differently than specified in the original test suite. This commit does not change the behaviour but documents the difference in behaviour. It is possible that this is a regression that should be addressed.
Summary
This PR addresses https://github.com/tenderlove/rails_autolink/issues/69 by updating the test suite to fix failing specs when running the test suite under rails 7.
Why
To make new contributions easier.
How
We’re delegating escaping and sanitisation to ActionView#sanitize. The last commit is 6 years old and the rails dependency is specified as > 3.1 so it’s only natural that the test suite was no longer up-to-date.
Current behaviour on Rails 7.0.3.1:
1. Self-closing tags no longer have / before >.
2. & is escaped as %amp;.
3. Safe part of malicious content is rendered.
4. target attribute is rendered before href.
5. + is escaped in mailto link.
Notice that 2. illustrates that auto linking emails with & behaves differently than specified in the original test suite. This commit does not change the behaviour but documents the difference in behaviour. It is possible that this is a regression that should be addressed.
Notes
This PR is similar to https://github.com/tenderlove/rails_autolink/pull/66 and if https://github.com/tenderlove/rails_autolink/pull/66 were merged first the diff of this PR would be smaller. In this PR we are also addressing some warnings and are not adding the rails-dom-testing dependency.