Merge PR #39587

Closes #39587.

actionview/CHANGELOG.md

@@ -1,3 +1,11 @@
+*   SanitizeHelper.sanitized_allowed_attributes and SanitizeHelper.sanitized_allowed_tags
+    call safe_list_sanitizer's class method
+
+    Fixes #39586
+
+    *Taufiq Muhammadi*
+
+
 ## Rails 6.0.3.4 (October 07, 2020) ##
 
 *   No changes.

actionview/lib/action_view/helpers/sanitize_helper.rb

@@ -129,11 +129,11 @@ def sanitizer_vendor
         end
 
         def sanitized_allowed_tags
-          safe_list_sanitizer.allowed_tags
+          sanitizer_vendor.safe_list_sanitizer.allowed_tags
         end
 
         def sanitized_allowed_attributes
-          safe_list_sanitizer.allowed_attributes
+          sanitizer_vendor.safe_list_sanitizer.allowed_attributes
         end
 
         # Gets the Rails::Html::FullSanitizer instance used by +strip_tags+. Replace with

actionview/test/template/sanitize_helper_test.rb

@@ -40,4 +40,17 @@ def test_strip_tags_will_not_encode_special_characters
   def test_sanitize_is_marked_safe
     assert_predicate sanitize("<html><script></script></html>"), :html_safe?
   end
+
+  def test_sanitized_allowed_tags_class_method
+    expected = Set.new(["strong", "em", "b", "i", "p", "code", "pre", "tt", "samp", "kbd", "var",
+      "sub", "sup", "dfn", "cite", "big", "small", "address", "hr", "br", "div", "span", "h1", "h2",
+      "h3", "h4", "h5", "h6", "ul", "ol", "li", "dl", "dt", "dd", "abbr", "acronym", "a", "img",
+      "blockquote", "del", "ins"])
+    assert_equal(expected, self.class.sanitized_allowed_tags)
+  end
+
+  def test_sanitized_allowed_attributes_class_method
+    expected = Set.new(["href", "src", "width", "height", "alt", "cite", "datetime", "title", "class", "name", "xml:lang", "abbr"])
+    assert_equal(expected, self.class.sanitized_allowed_attributes)
+  end
 end