Fixes for the review made by @javierm

this commit will be merged with the others when the chages are accepted
2018-08-24 15:11:54 +02:00
parent 88f0f14eab
commit d574657b77
10 changed files with 28 additions and 25 deletions
--- a/lib/wysiwyg_sanitizer.rb
+++ b/lib/wysiwyg_sanitizer.rb
@@ -1,7 +1,7 @@
 class WYSIWYGSanitizer

-  ALLOWED_TAGS = %w(p ul ol li strong em u s)
-  ALLOWED_ATTRIBUTES = []
+  ALLOWED_TAGS = %w(p ul ol li strong em u s img a h1 h2 h3 h4 h6 pre addres div)
+  ALLOWED_ATTRIBUTES = %w(href style src alt)

  def sanitize(html)
    ActionController::Base.helpers.sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)