From 2523282e1e498fc39f395433877c94e09f106338 Mon Sep 17 00:00:00 2001
From: Juanito Fatas
Date: Fri, 10 May 2019 15:15:08 +0900
Subject: [PATCH 1/2] href is not a HTML element

https://developer.mozilla.org/en-US/docs/Web/HTML/Element
---
 lib/rails/html/sanitizer.rb | 4 ++--
 test/sanitizer_test.rb | 4 ----
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
index f9bef9f..e73bb8c 100644
--- a/lib/rails/html/sanitizer.rb
+++ b/lib/rails/html/sanitizer.rb
@@ -48,7 +48,7 @@ def sanitize(html, options = {})
 class LinkSanitizer < Sanitizer
 def initialize
 @link_scrubber = TargetScrubber.new
- @link_scrubber.tags = %w(a href)
+ @link_scrubber.tags = %w(a)
 @link_scrubber.attributes = %w(href)
 end
@@ -146,7 +146,7 @@ def allowed_tags(options)
 def allowed_attributes(options)
 options[:attributes] || self.class.allowed_attributes
- end
+ end
 end
 WhiteListSanitizer = SafeListSanitizer
diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb
index 6aa0509..8c579af 100644
--- a/test/sanitizer_test.rb
+++ b/test/sanitizer_test.rb
@@ -154,10 +154,6 @@ def test_strip_links_with_linkception
 assert_equal "Magic", link_sanitize("Magic")
 end
- def test_strip_links_with_a_tag_in_href
- assert_equal "FrrFox", link_sanitize("FrrFox")
- end
-
 def test_sanitize_form
 assert_sanitized "
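Review bot: Dropping `href` from `@link_scrubber.tags` on the `+` line is a behavioural change, not only a documentation fix: as far as I can tell `TargetScrubber` matches on the element names the parser produces, so an input that the parser turns into a literal `<href>` element was stripped to its text before and would now pass through untouched. That is probably acceptable for a scrubber whose only job is to remove links, but the same series deletes `test_strip_links_with_a_tag_in_href`, which by its name appears to be the one test covering link markup nested inside an `href` value, so that case loses its regression coverage. I would keep that test (renamed if the old name is misleading) and assert that `link_sanitize` still returns only the text for it, and add a short comment on the `tags` line such as `# element names to strip (content is kept); attribute names are listed separately below`. The enclosing `initialize`/class body continues outside the hunk; the second hunk in this file is whitespace only.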
", ''
 end

From 5d735a7693d8bf3d016464e127299a5da549824f Mon Sep 17 00:00:00 2001
From: Juanito Fatas
Date: Fri, 10 May 2019 15:17:04 +0900
Subject: [PATCH 2/2] Improve LinkSanitizer's documentation

---
 lib/rails/html/sanitizer.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
index e73bb8c..a539102 100644
--- a/lib/rails/html/sanitizer.rb
+++ b/lib/rails/html/sanitizer.rb
@@ -40,11 +40,12 @@ def sanitize(html, options = {})
 end
 # === Rails::Html::LinkSanitizer
- # Removes a tags and href attributes leaving only the link text
+ # Removes +a+ tags and +href+ attributes leaving only the link text.
 #
- # link_sanitizer = Rails::Html::LinkSanitizer.new
- # link_sanitizer.sanitize('Only the link text will be kept.')
- # # => Only the link text will be kept.
+ # link_sanitizer = Rails::Html::LinkSanitizer.new
+ # link_sanitizer.sanitize('Only the link text will be kept.')
+ #
+ # => 'Only the link text will be kept.'
 class LinkSanitizer < Sanitizer
 def initialize
 @link_scrubber = TargetScrubber.new