How to migrate to new sanitizer

[igorkasyanchuk]

Currently after upgrading gems in my app I see the following (with config.active_support.deprecation = :raise to see stack trace) :

How to set new sanitizer? I'm just calling "simple_format in the email".

  2) Comment creates email
     Failure/Error: = simple_format @enquiry.message
     
     ActionView::Template::Error:
       DEPRECATION WARNING: warning: white_list_sanitizer isdeprecated, please use safe_list_sanitizer instead. (called from _app_views_user_mailer_new_enquiry_html_slim___3814535579015863922_148706880 at /root/projects/platforma/app/views/user_mailer/new_enquiry.html.slim:4)
     # ./app/views/user_mailer/new_enquiry.html.slim:4:in `_app_views_user_mailer_new_enquiry_html_slim___3814535579015863922_148706880'
     # ./app/mailers/application_mailer.rb:16:in `mail'
     # ./app/mailers/user_mailer.rb:56:in `new_enquiry'
     # ./app/models/enquiry.rb:129:in `send_notification'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/evaluation.rb:18:in `create'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/strategy/create.rb:12:in `block in result'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/strategy/create.rb:9:in `tap'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/strategy/create.rb:9:in `result'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/factory.rb:43:in `run'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/factory_runner.rb:29:in `block in run'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/factory_runner.rb:28:in `run'
     # /usr/local/rvm/gems/ruby-2.6.1/gems/factory_bot-5.0.2/lib/factory_bot/strategy_syntax_method_registrar.rb:20:in `block in define_singular_strategy_method'
     # ./spec/models/comment_spec.rb:109:in `block (2 levels) in <main>'
     # ------------------
     # --- Caused by: ---
     # ActiveSupport::DeprecationException:
     #   DEPRECATION WARNING: warning: white_list_sanitizer isdeprecated, please use safe_list_sanitizer instead. (called from _app_views_user_mailer_new_enquiry_html_slim___3814535579015863922_148706880 at /root/projects/platforma/app/views/user_mailer/new_enquiry.html.slim:4)
     #   ./app/views/user_mailer/new_enquiry.html.slim:4:in `_app_views_user_mailer_new_enquiry_html_slim___3814535579015863922_148706880'

[jacobat]

This looks like an issue in ActionView. Should probably be fixed there.

According to the code you should be able to set a white list sanitizer https://github.com/rails/rails/blob/master/actionview/lib/action_view/helpers/sanitize_helper.rb#L155-L160 - I can't make that work though.

[jacobat]

Issue filed: rails/rails#36858

[kaspth]

Yeah, let's take it to the Rails issue, thanks.

[rocket-turtle]

For those who run a Rails version 4.2 to 5.1 you can update rails-html-sanitizer to the Version 1.2.

---

OLD Comment for rails-html-sanitizer Version 1.1

For those who run a Rails version 4.2 to 5.1 you can eather fix the gem to gem 'rails-html-sanitizer', '~> 1.0.3' or remove the deprecation warning via a monkey patch.

    actionview (4.2.11.1)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)

require 'rails/html/sanitizer'

module Rails
  module Html
    class Sanitizer
      class << self
        def white_list_sanitizer
          safe_list_sanitizer
        end
      end
    end
  end
end

[kaspth]

Just for reference here: rails/rails#36858 (comment)