Issue 3: xss_terminate does not work with rails 2.2
Status:  Fixed
Owner:  l...@recursion.org
Closed:  Jan 2009
Type-Defect
Priority-High


Reported by Bernard.Potocki, Nov 23, 2008
What steps will reproduce the problem?
1. Create Rails 2.2.2 application
2. Add model with xss_terminate
3. Edit model entry
4. Error no method RailsSanitize.full_sanitizer

Reason:
No full_sanitizer method for ActionView::Helpers::SanitizeHelper in rails 2.2.2

Workaround:

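# Workaround from this report: define the missing RailsSanitize.full_sanitizer
RailsSanitize.class_eval do
  # Memoize a single HTML::FullSanitizer instance at the class level
  def self.full_sanitizer
    @full_sanitizer ||= HTML::FullSanitizer.new
  end
end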
Comment 1 by l...@recursion.org, Jan 02, 2009
Sorry for your troubles. I actually have moved the source code for the plugin to GitHub, which you can find here: http://github.com/look/xss_terminate/tree/master

The latest version there has compatibility with Rails 2.2 and is backwards compatible with Rails 2.0 and 2.1.
Comment 2 by l...@recursion.org, Jan 16, 2009
(No comment was entered for this change.)
Status: Fixed
Owner: l...@recursion.org
Labels: -Priority-Medium Priority-High
Comment 3 by IamKenzo, Feb 02, 2009
On a freshly created Rails 2.2.2 app, your updated code works. But on my app, which
was created from Rails 1.2, I still need this initializer, but only in production mode
when submitting data through a POST request. In development mode this initializer is
not required. It seems there is a problem in the order in which classes are loaded.

Here is my error message:
--
NameError (uninitialized constant XssTerminate::InstanceMethods::RailsSanitize):
    /vendor/plugins/xss_terminate/lib/xss_terminate.rb:46:in `sanitize_fields'
    /vendor/plugins/xss_terminate/lib/xss_terminate.rb:31:in `each'
    /vendor/plugins/xss_terminate/lib/xss_terminate.rb:31:in `sanitize_fields'
Comment 4 by IamKenzo, Feb 02, 2009
Ok I got it. In production.rb, one should not specify the config.threadsafe! option,
this is what makes xss_terminate crash.

Do you have any idea why this option is raising the error?
Comment 5 by l...@recursion.org, Feb 02, 2009
I will look into it.
Comment 6 by l...@recursion.org, Feb 12, 2009
Issue 9 has been merged into this issue.
Comment 7 by l...@recursion.org, Feb 15, 2009
Issue 10 has been merged into this issue.