From 6bf61b631e11aa6396d8679b968bec75505dbbfe Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Fri, 8 Aug 2025 13:50:23 -0400 Subject: [PATCH] Ensure sanitizer config applies to ActionText in production In production, eager loading prevents the default sanitizer config from applying to Action Text. Let's explicitly set it. ref: https://fizzy.37signals.com/5986089/collections/2/cards/1123 --- config/initializers/sanitization.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/initializers/sanitization.rb b/config/initializers/sanitization.rb index 93323bc4a..a898a64b3 100644 --- a/config/initializers/sanitization.rb +++ b/config/initializers/sanitization.rb @@ -1,4 +1,7 @@ Rails.application.config.after_initialize do Rails::HTML5::SafeListSanitizer.allowed_tags.merge(%w[ s table tr td th thead tbody details summary video source]) Rails::HTML5::SafeListSanitizer.allowed_attributes.merge(%w[ data-turbo-frame controls type width data-action data-lightbox-target data-lightbox-url-value ]) + + ActionText::ContentHelper.allowed_tags = Rails::HTML5::SafeListSanitizer.allowed_tags + ActionText::ContentHelper.allowed_attributes = Rails::HTML5::SafeListSanitizer.allowed_attributes end