diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 0e48889ebf8fd9cd5c39ddebb3902a3b9a63fd10..ab98c894b827016ec024df04e7bc76bbef9ed0bb 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -192,7 +192,7 @@ module ApplicationHelper
       alt: "Sign in with #{provider.to_s.titleize}")
   end

-  def simple_sanitize str
+  def simple_sanitize(str)
     sanitize(str, tags: %w(a span))
   end

diff --git a/spec/helpers/application_helper_spec.rb b/spec/helpers/application_helper_spec.rb
index 0d066be5b458f15a40663476150f8c1285e7049f..d63a2de880627d58f2833b28c4e8ef3a1873f977 100644
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@@ -123,4 +123,21 @@ describe ApplicationHelper do
     end
   end

+  describe "simple_sanitize" do
+    let(:a_tag) { '<a href="#">Foo</a>' }
+
+    it "allows the a tag" do
+      simple_sanitize(a_tag).should == a_tag
+    end
+
+    it "allows the span tag" do
+      input = '<span class="foo">Bar</span>'
+      simple_sanitize(input).should == input
+    end
+
+    it "disallows other tags" do
+      input = "<strike><b>#{a_tag}</b></strike>"
+      simple_sanitize(input).should == a_tag
+    end
+  end
 end
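Review bot: `sanitize(str, tags: %w(a span))` pins the tag allowlist but not the attribute allowlist, so the attributes that survive on `<a>` and `<span>` are whatever the Rails sanitizer's default list happens to be in the installed version, which is broader than the `href`/`class` the new spec relies on and can change on a gem upgrade. For a helper whose whole purpose is to bound untrusted markup, both lists should be explicit: `sanitize(str, tags: %w(a span), attributes: %w(href class))`. The method also deserves a one-line doc comment stating its contract, e.g. `# Strips all markup except <a href> and <span class>; relies on the sanitizer to drop unsafe protocols such as javascript:`. The enclosing `module ApplicationHelper` begins and ends outside this hunk.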
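Review bot: The new `describe "simple_sanitize"` block tests only the allow cases and one disallowed-tag case; it never asserts the security-relevant negatives, namely that an event-handler attribute or a `javascript:` URL on an allowed tag is removed, which is exactly the behavior a future change to `tags:`/`attributes:` could silently regress. Add a case such as `it "strips unsafe attributes on allowed tags" do simple_sanitize('<a href="javascript:alert(1)" onclick="x()">Foo</a>').should == '<a>Foo</a>' end`; the precise expected string depends on the sanitizer in use, so confirm it against the current output before committing. The `.should ==` form is the legacy RSpec syntax and may warn or fail under a newer `expect(...).to eq(...)` configuration, so match whatever the surrounding spec file already uses. The enclosing `describe ApplicationHelper do` starts before this hunk.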