Rename to actionview html sanitizer

.rubocop.yml

@@ -24,19 +24,19 @@ Performance:
     - '**/test/**/*'
 
 # Prefer assert_not over assert !
-Rails/AssertNot:
+ActionView/AssertNot:
   Include:
     - '**/test/**/*'
 
 # Prefer assert_not_x over refute_x
-Rails/RefuteMethods:
+ActionView/RefuteMethods:
   Include:
     - '**/test/**/*'
 
-Rails/IndexBy:
+ActionView/IndexBy:
   Enabled: true
 
-Rails/IndexWith:
+ActionView/IndexWith:
   Enabled: true
 
 # Prefer &&/|| over and/or.

CHANGELOG.md

@@ -1,3 +1,7 @@
+## Unreleased
+
+* Rename actionview-html-sanitizer. Related: https://github.com/rails/rails/pull/49643
+
 ## 1.6.0 / 2023-05-26
 
 * Dependencies have been updated:

CONTRIBUTING.md

@@ -1,20 +1,20 @@
-Contributing to Rails Html Sanitizers
+Contributing to ActionView Html Sanitizers
 =====================
 
-[![Build Status](https://github.com/rails/rails-html-sanitizer/actions/workflows/ci.yml/badge.svg)](https://github.com/rails/rails-html-sanitizer/actions/workflows/ci.yml)
+[![Build Status](https://github.com/rails/actionview-html-sanitizer/actions/workflows/ci.yml/badge.svg)](https://github.com/rails/actionview-html-sanitizer/actions/workflows/ci.yml)
 
-Rails Html Sanitizers is work of [many contributors](https://github.com/rails/rails-html-sanitizer/graphs/contributors). You're encouraged to submit [pull requests](https://github.com/rails/rails-html-sanitizer/pulls), [propose features and discuss issues](https://github.com/rails/rails-html-sanitizer/issues).
+ActionView Html Sanitizers is work of [many contributors](https://github.com/rails/actionview-html-sanitizer/graphs/contributors). You're encouraged to submit [pull requests](https://github.com/rails/actionview-html-sanitizer/pulls), [propose features and discuss issues](https://github.com/rails/actionview-html-sanitizer/issues).
 
 ### How to submit a pull request
 
 #### Fork the Project
 
-Fork the [project on Github](https://github.com/rails/rails-html-sanitizer) and check out your copy.
+Fork the [project on Github](https://github.com/rails/actionview-html-sanitizer) and check out your copy.
 
 ```
-git clone https://github.com/contributor/rails-html-sanitizer.git
-cd rails-html-sanitizer
-git remote add upstream https://github.com/rails/rails-html-sanitizer.git
+git clone https://github.com/contributor/actionview-html-sanitizer.git
+cd actionview-html-sanitizer
+git remote add upstream https://github.com/rails/actionview-html-sanitizer.git
 ```
 
 #### Create a Topic Branch
@@ -76,7 +76,7 @@ git push origin my-feature-branch
 
 #### Make a Pull Request
 
-Go to https://github.com/contributor/rails-html-sanitizer and select your feature branch. Click the 'Pull Request' button and fill out the form. Pull requests are usually reviewed within a few days.
+Go to https://github.com/contributor/actionview-html-sanitizer and select your feature branch. Click the 'Pull Request' button and fill out the form. Pull requests are usually reviewed within a few days.
 
 #### Rebase
 
@@ -104,13 +104,13 @@ Please do know that we really appreciate and value your time and work. We love y
 
 A quick checklist:
 
-- [ ] make sure CI is green! https://github.com/rails/rails-html-sanitizer/actions/workflows/ci.yml
-- [ ] update `CHANGELOG.md` and `lib/rails/html/sanitizer/version.rb`
+- [ ] make sure CI is green! https://github.com/rails/actionview-html-sanitizer/actions/workflows/ci.yml
+- [ ] update `CHANGELOG.md` and `lib/action_view/html/sanitizer/version.rb`
 - [ ] run `bundle exec rake build`
 - [ ] create a git tag
 - [ ] `git push && git push --tags`
 - [ ] `gem push pkg/*.gem`
-- [ ] create a release at https://github.com/rails/rails-html-sanitizer/releases
+- [ ] create a release at https://github.com/rails/actionview-html-sanitizer/releases
 - if security-related,
   - [ ] publish the CVE
   - [ ] post to https://discuss.rubyonrails.org/c/security-announcements

README.md

@@ -1,31 +1,31 @@
-# Rails HTML Sanitizers
+# ActionView HTML Sanitizers
 
-This gem is responsible for sanitizing HTML fragments in Rails applications. Specifically, this is the set of sanitizers used to implement the Action View `SanitizerHelper` methods `sanitize`, `sanitize_css`, `strip_tags` and `strip_links`.
+This gem is responsible for sanitizing HTML fragments in ActionView applications. Specifically, this is the set of sanitizers used to implement the Action View `SanitizerHelper` methods `sanitize`, `sanitize_css`, `strip_tags` and `strip_links`.
 
-Rails HTML Sanitizer is only intended to be used with Rails applications. If you need similar functionality but aren't using Rails, consider using the underlying sanitization library [Loofah](https://github.com/flavorjones/loofah) directly.
+ActionView HTML Sanitizer is only intended to be used with ActionView applications. If you need similar functionality but aren't using ActionView, consider using the underlying sanitization library [Loofah](https://github.com/flavorjones/loofah) directly.
 
 
 ## Usage
 
 ### Sanitizers
 
-All sanitizers respond to `sanitize`, and are available in variants that use either HTML4 or HTML5 parsing, under the `Rails::HTML4` and `Rails::HTML5` namespaces, respectively.
+All sanitizers respond to `sanitize`, and are available in variants that use either HTML4 or HTML5 parsing, under the `ActionView::HTML4` and `ActionView::HTML5` namespaces, respectively.
 
-NOTE: The HTML5 sanitizers are not supported on JRuby. Users may programmatically check for support by calling `Rails::HTML::Sanitizer.html5_support?`.
+NOTE: The HTML5 sanitizers are not supported on JRuby. Users may programmatically check for support by calling `ActionView::HTML::Sanitizer.html5_support?`.
 
 
 #### FullSanitizer
 
 ```ruby
-full_sanitizer = Rails::HTML5::FullSanitizer.new
+full_sanitizer = ActionView::HTML5::FullSanitizer.new
 full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
 # => Bold no more!  See more here...
 ```
 
 or, if you insist on parsing the content as HTML4:
 
 ```ruby
-full_sanitizer = Rails::HTML4::FullSanitizer.new
+full_sanitizer = ActionView::HTML4::FullSanitizer.new
 full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
 # => Bold no more!  See more here...
 ```
@@ -37,15 +37,15 @@ HTML5 version:
 #### LinkSanitizer
 
 ```ruby
-link_sanitizer = Rails::HTML5::LinkSanitizer.new
+link_sanitizer = ActionView::HTML5::LinkSanitizer.new
 link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
 # => Only the link text will be kept.
 ```
 
 or, if you insist on parsing the content as HTML4:
 
 ```ruby
-link_sanitizer = Rails::HTML4::LinkSanitizer.new
+link_sanitizer = ActionView::HTML4::LinkSanitizer.new
 link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
 # => Only the link text will be kept.
 ```
@@ -56,7 +56,7 @@ link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.<
 This sanitizer is also available as an HTML4 variant, but for simplicity we'll document only the HTML5 variant below.
 
 ```ruby
-safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new
+safe_list_sanitizer = ActionView::HTML5::SafeListSanitizer.new
 
 # sanitize via an extensive safe list of allowed elements
 safe_list_sanitizer.sanitize(@article.body)
@@ -68,7 +68,7 @@ safe_list_sanitizer.sanitize(@article.body, tags: %w(table tr td), attributes: %
 safe_list_sanitizer.sanitize(@article.body, scrubber: ArticleScrubber.new)
 
 # prune nodes from the tree instead of stripping tags and leaving inner content
-safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new(prune: true)
+safe_list_sanitizer = ActionView::HTML5::SafeListSanitizer.new(prune: true)
 
 # the sanitizer can also sanitize css
 safe_list_sanitizer.sanitize_css('background-color: #000;')
@@ -78,14 +78,14 @@ safe_list_sanitizer.sanitize_css('background-color: #000;')
 
 Scrubbers are objects responsible for removing nodes or attributes you don't want in your HTML document.
 
-This gem includes two scrubbers `Rails::HTML::PermitScrubber` and `Rails::HTML::TargetScrubber`.
+This gem includes two scrubbers `ActionView::HTML::PermitScrubber` and `ActionView::HTML::TargetScrubber`.
 
-#### `Rails::HTML::PermitScrubber`
+#### `ActionView::HTML::PermitScrubber`
 
 This scrubber allows you to permit only the tags and attributes you want.
 
 ```ruby
-scrubber = Rails::HTML::PermitScrubber.new
+scrubber = ActionView::HTML::PermitScrubber.new
 scrubber.tags = ['a']
 
 html_fragment = Loofah.fragment('<a><img/ ></a>')
@@ -96,31 +96,31 @@ html_fragment.to_s # => "<a></a>"
 By default, inner content is left, but it can be removed as well.
 
 ```ruby
-scrubber = Rails::HTML::PermitScrubber.new
+scrubber = ActionView::HTML::PermitScrubber.new
 scrubber.tags = ['a']
 
 html_fragment = Loofah.fragment('<a><span>text</span></a>')
 html_fragment.scrub!(scrubber)
 html_fragment.to_s # => "<a>text</a>"
 
-scrubber = Rails::HTML::PermitScrubber.new(prune: true)
+scrubber = ActionView::HTML::PermitScrubber.new(prune: true)
 scrubber.tags = ['a']
 
 html_fragment = Loofah.fragment('<a><span>text</span></a>')
 html_fragment.scrub!(scrubber)
 html_fragment.to_s # => "<a></a>"
 ```
 
-#### `Rails::HTML::TargetScrubber`
+#### `ActionView::HTML::TargetScrubber`
 
 Where `PermitScrubber` picks out tags and attributes to permit in sanitization,
-`Rails::HTML::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.
+`ActionView::HTML::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.
 
 **Note:** by default, it will scrub anything that is not part of the permitted tags from
 loofah `HTML5::Scrub.allowed_element?`.
 
 ```ruby
-scrubber = Rails::HTML::TargetScrubber.new
+scrubber = ActionView::HTML::TargetScrubber.new
 scrubber.tags = ['img']
 
 html_fragment = Loofah.fragment('<a><img/ ></a>')
@@ -131,14 +131,14 @@ html_fragment.to_s # => "<a></a>"
 Similarly to `PermitScrubber`, nodes can be fully pruned.
 
 ```ruby
-scrubber = Rails::HTML::TargetScrubber.new
+scrubber = ActionView::HTML::TargetScrubber.new
 scrubber.tags = ['span']
 
 html_fragment = Loofah.fragment('<a><span>text</span></a>')
 html_fragment.scrub!(scrubber)
 html_fragment.to_s # => "<a>text</a>"
 
-scrubber = Rails::HTML::TargetScrubber.new(prune: true)
+scrubber = ActionView::HTML::TargetScrubber.new(prune: true)
 scrubber.tags = ['span']
 
 html_fragment = Loofah.fragment('<a><span>text</span></a>')
@@ -151,7 +151,7 @@ html_fragment.to_s # => "<a></a>"
 You can also create custom scrubbers in your application if you want to.
 
 ```ruby
-class CommentScrubber < Rails::HTML::PermitScrubber
+class CommentScrubber < ActionView::HTML::PermitScrubber
   def initialize
     super
     self.tags = %w( form script comment blockquote )
@@ -164,19 +164,19 @@ class CommentScrubber < Rails::HTML::PermitScrubber
 end
 ```
 
-See `Rails::HTML::PermitScrubber` documentation to learn more about which methods can be overridden.
+See `ActionView::HTML::PermitScrubber` documentation to learn more about which methods can be overridden.
 
-#### Custom Scrubber in a Rails app
+#### Custom Scrubber in a ActionView app
 
-Using the `CommentScrubber` from above, you can use this in a Rails view like so:
+Using the `CommentScrubber` from above, you can use this in a ActionView view like so:
 
 ```ruby
 <%= sanitize @comment, scrubber: CommentScrubber.new %>
 ```
 
 ### A note on HTML entities
 
-__Rails HTML sanitizers are intended to be used by the view layer, at page-render time. They are *not* intended to sanitize persisted strings that will be sanitized *again* at page-render time.__
+__ActionView HTML sanitizers are intended to be used by the view layer, at page-render time. They are *not* intended to sanitize persisted strings that will be sanitized *again* at page-render time.__
 
 Proper HTML sanitization will replace some characters with HTML entities. For example, text containing a `<` character will be updated to contain `&lt;` to ensure that the markup is well-formed.
 
@@ -200,38 +200,38 @@ You might simply choose to persist the untrusted string as-is (the raw input), a
 
 That raw string, if rendered in an non-HTML context (like SMS), must also be sanitized by a method appropriate for that context. You may wish to look into using [Loofah](https://github.com/flavorjones/loofah) or [Sanitize](https://github.com/rgrove/sanitize) to customize how this sanitization works, including omitting HTML entities in the final string.
 
-If you really want to sanitize the string that's stored in your database, you may wish to look into  [Loofah::ActiveRecord](https://github.com/flavorjones/loofah-activerecord) rather than use the Rails HTML sanitizers.
+If you really want to sanitize the string that's stored in your database, you may wish to look into  [Loofah::ActiveRecord](https://github.com/flavorjones/loofah-activerecord) rather than use the ActionView HTML sanitizers.
 
 
 ### A note on module names
 
-In versions < 1.6, the only module defined by this library was `Rails::Html`. Starting in 1.6, we define three additional modules:
+In versions < 1.6, the only module defined by this library was `ActionView::Html`. Starting in 1.6, we define three additional modules:
 
-- `Rails::HTML` for general functionality (replacing `Rails::Html`)
-- `Rails::HTML4` containing sanitizers that parse content as HTML4
-- `Rails::HTML5` containing sanitizers that parse content as HTML5 (if supported)
+- `ActionView::HTML` for general functionality (replacing `ActionView::Html`)
+- `ActionView::HTML4` containing sanitizers that parse content as HTML4
+- `ActionView::HTML5` containing sanitizers that parse content as HTML5 (if supported)
 
 The following aliases are maintained for backwards compatibility:
 
-- `Rails::Html` points to `Rails::HTML`
-- `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
-- `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
-- `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
+- `ActionView::Html` points to `ActionView::HTML`
+- `ActionView::HTML::FullSanitizer` points to `ActionView::HTML4::FullSanitizer`
+- `ActionView::HTML::LinkSanitizer` points to `ActionView::HTML4::LinkSanitizer`
+- `ActionView::HTML::SafeListSanitizer` points to `ActionView::HTML4::SafeListSanitizer`
 
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'rails-html-sanitizer'
+    gem 'actionview-html-sanitizer'
 
 And then execute:
 
     $ bundle
 
 Or install it yourself as:
 
-    $ gem install rails-html-sanitizer
+    $ gem install actionview-html-sanitizer
 
 
 ## Support matrix
@@ -245,7 +245,7 @@ Or install it yourself as:
 
 ## Read more
 
-Loofah is what underlies the sanitizers and scrubbers of rails-html-sanitizer.
+Loofah is what underlies the sanitizers and scrubbers of actionview-html-sanitizer.
 
 - [Loofah and Loofah Scrubbers](https://github.com/flavorjones/loofah)
 
@@ -255,17 +255,17 @@ The `node` argument passed to some methods in a custom scrubber is an instance o
 - [Nokogiri](http://nokogiri.org)
 
 
-## Contributing to Rails HTML Sanitizers
+## Contributing to ActionView HTML Sanitizers
 
-Rails HTML Sanitizers is work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
+ActionView HTML Sanitizers is work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
 
 See [CONTRIBUTING](CONTRIBUTING.md).
 
 ### Security reports
 
-Trying to report a possible security vulnerability in this project? Please check out the [Rails project's security policy](https://rubyonrails.org/security) for instructions.
+Trying to report a possible security vulnerability in this project? Please check out the [ActionView project's security policy](https://rubyonrails.org/security) for instructions.
 
 
 ## License
 
-Rails HTML Sanitizers is released under the [MIT License](MIT-LICENSE).
+ActionView HTML Sanitizers is released under the [MIT License](MIT-LICENSE).

rails-html-sanitizer.gemspec → actionview-html-sanitizer.gemspec

@@ -1,25 +1,25 @@
 # coding: utf-8
 # frozen_string_literal: true
 
-require_relative "lib/rails/html/sanitizer/version"
+require_relative "lib/action_view/html/sanitizer/version"
 
 Gem::Specification.new do |spec|
-  spec.name          = "rails-html-sanitizer"
-  spec.version       = Rails::HTML::Sanitizer::VERSION
+  spec.name          = "actionview-html-sanitizer"
+  spec.version       = ActionView::HTML::Sanitizer::VERSION
   spec.authors       = ["Rafael Mendonça França", "Kasper Timm Hansen", "Mike Dalessio"]
   spec.email         = ["rafaelmfranca@gmail.com", "kaspth@gmail.com", "mike.dalessio@gmail.com"]
-  spec.description   = "HTML sanitization for Rails applications"
-  spec.summary       = "This gem is responsible to sanitize HTML fragments in Rails applications."
-  spec.homepage      = "https://github.com/rails/rails-html-sanitizer"
+  spec.description   = "HTML sanitization for ActionView applications"
+  spec.summary       = "This gem is responsible to sanitize HTML fragments in ActionView applications."
+  spec.homepage      = "https://github.com/rails/actionview-html-sanitizer"
   spec.license       = "MIT"
 
   spec.required_ruby_version = ">= 2.7.0"
 
   spec.metadata = {
-    "bug_tracker_uri"   => "https://github.com/rails/rails-html-sanitizer/issues",
-    "changelog_uri"     => "https://github.com/rails/rails-html-sanitizer/blob/v#{spec.version}/CHANGELOG.md",
-    "documentation_uri" => "https://www.rubydoc.info/gems/rails-html-sanitizer/#{spec.version}",
-    "source_code_uri"   => "https://github.com/rails/rails-html-sanitizer/tree/v#{spec.version}",
+    "bug_tracker_uri"   => "https://github.com/rails/actionview-html-sanitizer/issues",
+    "changelog_uri"     => "https://github.com/rails/actionview-html-sanitizer/blob/v#{spec.version}/CHANGELOG.md",
+    "documentation_uri" => "https://www.rubydoc.info/gems/actionview-html-sanitizer/#{spec.version}",
+    "source_code_uri"   => "https://github.com/rails/actionview-html-sanitizer/tree/v#{spec.version}",
   }
 
   spec.files         = Dir["lib/**/*", "README.md", "MIT-LICENSE", "CHANGELOG.md"]