Sanitize any user supplied HTML before doing link detection or the
sanitizer will strip the rel=nofollow attributes.

author Tom Hughes <tom@compton.nu>
Sat, 14 Nov 2009 16:31:51 +0000 (16:31 +0000)
committer Tom Hughes <tom@compton.nu>
Sat, 14 Nov 2009 16:31:51 +0000 (16:31 +0000)

app/helpers/application_helper.rb

index 2eebec1..e10650a 100644 (file)
@@ -1,6 +1,6 @@
 module ApplicationHelper
   def htmlize(text)
-    return sanitize(auto_link(simple_format(text), :link => :urls, :html => { :rel => "nofollow" }))
+    return auto_link(sanitize(simple_format(text)), :link => :urls, :html => { :rel => "nofollow" })
   end
 
   def html_escape_unicode(text)
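Review bot: In htmlize, the markup produced by auto_link is now returned without passing through sanitize, so the safety of the final HTML depends on auto_link building its anchors correctly from the already-sanitized text. That ordering is easy to reverse by accident in a later cleanup, since both forms look equivalent at a glance. A short comment above the return line saying that sanitize must run first because it strips the rel attribute would help. A helper test would also help, asserting two things: that a plain URL in the input comes back as a link carrying rel="nofollow", and that disallowed markup in the input is still removed. As a minor style point, the explicit return on the last expression of the method is redundant in Ruby.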