From: Tom Hughes
Date: Sat, 14 Nov 2009 16:31:51 +0000 (+0000)
Subject: Sanitize any user supplied HTML before doing link detection or the
X-Git-Tag: live~6449
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/41dfa42edd18b40226b7e622d7f9ab563367f0ef?ds=sidebyside

Sanitize any user supplied HTML before doing link detection or the sanitizer will strip the rel=nofollow attributes.
---

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 2eebec170..e10650ada 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -1,6 +1,6 @@
 module ApplicationHelper
 def htmlize(text)
- return sanitize(auto_link(simple_format(text), :link => :urls, :html => { :rel => "nofollow" }))
+ return auto_link(sanitize(simple_format(text)), :link => :urls, :html => { :rel => "nofollow" })
 end
 
 def html_escape_unicode(text)
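Review bot: With `sanitize` moved inside, the last stage of `htmlize` is now `auto_link`, so nothing cleans the markup that `auto_link` itself builds from user-supplied URLs; the result is only as safe as that helper's escaping of the href and the link text. That dependency should be stated above the method, e.g. `# sanitize must run before auto_link (the sanitizer strips rel="nofollow"); auto_link's output is emitted unsanitized`, and pinned with a helper test that passes `htmlize` text containing a URL with quote and angle-bracket characters and asserts that no extra attribute or tag appears in the output. If the Rails version in use lets `sanitize` take additional allowed attributes, keeping the sanitizer as the final step with `rel` permitted would remove the dependency altogether; whether that is available cannot be told from this hunk and needs checking.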