Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'

Resolve "Remove rails-deprecated_sanitizer" Closes #17014 See merge request gitlab-org/gitlab-ce!27268

Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'
Resolve "Remove rails-deprecated_sanitizer" Closes #17014 See merge request gitlab-org/gitlab-ce!27268
d83eb63b · Douwe Maan · 8ede9d18 · da026ac2 · d83eb63b · d83eb63b
Commit d83eb63b authored Apr 15, 2019 by Douwe Maan
5 changed files
--- a/Gemfile
+++ b/Gemfile
 source 'https://rubygems.org'

 gem 'rails', '5.0.7.2'
-gem 'rails-deprecated_sanitizer', '~> 1.0.3'

 # Improves copy-on-write performance for MRI
 gem 'nakayoshi_fork', '~> 0.0.4'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -654,8 +654,6 @@ GEM
      actionpack (~> 5.x, >= 5.0.1)
      actionview (~> 5.x, >= 5.0.1)
      activesupport (~> 5.x)
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
@@ -1111,7 +1109,6 @@ DEPENDENCIES
  rack-proxy (~> 0.6.0)
  rails (= 5.0.7.2)
  rails-controller-testing
-  rails-deprecated_sanitizer (~> 1.0.3)
  rails-i18n (~> 5.1)
  rainbow (~> 3.0)
  raindrops (~> 0.18)

--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController

  # rubocop: disable CodeReuse/ActiveRecord
  def create
-    branch_name = sanitize(strip_tags(params[:branch_name]))
+    branch_name = strip_tags(sanitize(params[:branch_name]))
    branch_name = Addressable::URI.unescape(branch_name)

    redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController

  def ref
    if params[:ref]
-      ref_escaped = sanitize(strip_tags(params[:ref]))
+      ref_escaped = strip_tags(sanitize(params[:ref]))
      Addressable::URI.unescape(ref_escaped)
    else
      @project.default_branch || 'master'

--- a/app/helpers/markup_helper.rb
+++ b/app/helpers/markup_helper.rb
@@ -241,9 +241,7 @@ module MarkupHelper
      node.remove if node.name == 'a' && node.content.blank?
    end

-    # Use `Loofah` directly instead of `sanitize`
-    # as we still use the `rails-deprecated_sanitizer` gem
-    Loofah.fragment(text).scrub!(scrubber).to_s
+    sanitize text, scrubber: scrubber
  end

  def markdown_toolbar_button(options = {})

--- a/config/application.rb
+++ b/config/application.rb
@@ -164,8 +164,6 @@ module Gitlab
    # Version of your assets, change this if you want to expire all your assets
    config.assets.version = '1.0'

-    config.action_view.sanitized_allowed_protocols = %w(smb)
-
    # Can be removed once upgraded to Rails 5.1 or higher
    config.action_controller.raise_on_unfiltered_parameters = true