Sanitize any user supplied HTML before doing link detection or the

sanitizer will strip the rel=nofollow attributes.

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 2eebec1708378663a5bc4f67ad828ec5dd847da9..e10650ada1fa3cde95956725f5e679f146446156 100644 (file)
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,6 @@
 module ApplicationHelper
   def htmlize(text)
-    return sanitize(auto_link(simple_format(text), :link => :urls, :html => { :rel => "nofollow" }))
+    return auto_link(sanitize(simple_format(text)), :link => :urls, :html => { :rel => "nofollow" })
   end
 
   def html_escape_unicode(text)