Restore removal of div and style elements when sanitizing HTML

[rails.git] / config / initializers / sanitize.rb

diff --git a/config/initializers/sanitize.rb b/config/initializers/sanitize.rb
index 7360e2701658a7f02a30c310c1955a61949033fe..eb3039a132f70db038e6bb7b08bd6e4fb8e7af56 100644 (file)
--- a/config/initializers/sanitize.rb
+++ b/config/initializers/sanitize.rb
@@ -1,3 +1,5 @@
 Sanitize::Config::OSM = Sanitize::Config::RELAXED.dup
 
+Sanitize::Config::OSM[:elements] -= [ 'div', 'style' ]
 Sanitize::Config::OSM[:add_attributes] = { 'a' => { 'rel' => 'nofollow' } }
+Sanitize::Config::OSM[:remove_contents] = [ 'script', 'style' ]