[!] Sanitize incoming classlist properly (#6162)

* Sanitize classlist properly * Actually properly sanitize every class after the first * Improve Formatter spec to check for multiple classes and non-space whitespace
2018-01-03 03:54:08 +01:00 · 2018-01-03 03:54:08 +01:00 · 545095b3ce
commit 545095b3ce
parent d319b3dbe4
2 changed files with 5 additions and 5 deletions
--- a/spec/lib/formatter_spec.rb
+++ b/spec/lib/formatter_spec.rb
@ -332,7 +332,7 @@ RSpec.describe Formatter do
    end

    context 'contains malicious classes' do
-      let(:text) { '<span class="status__content__spoiler-link">Show more</span>' }
+      let(:text) { '<span class="mention	status__content__spoiler-link">Show more</span>' }

      it 'strips malicious classes' do
        is_expected.to_not include 'status__content__spoiler-link'