white_list_sanitizer is deprecated #36858

Closed
jacobat opened this issue Aug 5, 2019 · 7 comments
jacobat commented Aug 5, 2019

Steps to reproduce

Call simple_format in a view.

Expected behavior

No deprecation warnings are raised.

Actual behavior

DEPRECATION WARNING: warning: white_list_sanitizer isdeprecated, please use safe_list_sanitizer instead.

System configuration

Rails version: 6.0.0RC2

Ruby version: 2.6.3

kaspth commented Aug 5, 2019

Can you try with 6-0-stable? Should be fixed there.

@andrewkress

fixed with this commit

kaspth commented Aug 5, 2019

Yeah, that's the one! I've backported it to 5-2-stable as well: 2cd4bce

kaspth closed this as completed Aug 5, 2019

Mange commented Aug 8, 2019

Will the 5.2 backport be released soon? We'd like to have deprecations :raise again. 🙂

jrochkind commented Aug 8, 2019

For anyone wondering what's going on, rails_html_sanitizer deprecated white_list_sanitizer in its release 1.1.0 released August 5th. CHANGELOG

It appears to be a simple name change to safe_list_sanitizer, no functionality change. rails/rails-html-sanitizer#87

So if you upgrade the rails-html-sanitizer version in your Gemfile.lock, you'll start getting this deprecation warning. This can happen even if you have not upgraded Rails. Running bundle update might cause your rails-html-sanitizer to update to 1.1.0, or running bundle update some_gem if rails-html-sanitizer is a dependency (direct or transitive) of some_gem.

When the deprecated method name is being called by Rails itself (as it is by simple_format), the only way to avoid the deprecation is to:

a) Update to a new version of Rails (which does not yet exist at present) that does not call the deprecated method name (not sure if a 5.2 release will be made that does so. Older versions probably not? Might require a 6.0 upgrade)

b) Don't use rails_html_sanitizer 1.1.0 or above. You might add to your Gemfile gem "rails-html-sanitizer", "< 1.1.0". Problem here is you won't get any future bugfixes or security patches. (rails-html-sanitizer 1.1.0 itself seems to have no changes of significance -- other than this one -- from 1.0.4).

c) Wrap all calls to simple_format in ActiveSupport::Deprecation.silence do .. end. (haven't tested but should work).

kaspth commented Aug 8, 2019

Hey! Sorry about all the fuss here. I screwed up the 1.1.0 release. Rails 5.2 was never meant to trigger deprecation warnings.

I've just released rails-html-sanitizer 1.2.0 that removes the deprecation warnings for Rails 5.2 (Rails 6 apps will just require >= 1.2.0 and use the new API directly).

If there are more issues, please open a new issue so it won't end up lost in here for others. If someone wants to confirm that it works for them, feel free to comment directly here. Thanks everyone and sorry for all the confusion ❤️

Mange commented Aug 9, 2019

I can confirm that the new version worked! Thank you! ❤️

Full fix:

bundle update rails-html-sanitizer
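
An added example (not part of the thread, and not Rails or rails-html-sanitizer code): a small Ruby check that reads Gemfile.lock text, classifies the locked rails-html-sanitizer version against the 1.1.0 and 1.2.0 releases discussed above, and lists the locked gems that depend on it directly or transitively. The lockfile excerpt, constant names and status symbols are constructed for illustration.

```ruby
# Constructed Gemfile.lock excerpt (sample data, not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionview (5.2.3)
        rails-html-sanitizer (~> 1.0, >= 1.0.3)
      loofah (2.2.3)
        nokogiri (>= 1.5.9)
      rails-html-sanitizer (1.1.0)
        loofah (~> 2.2, >= 2.2.2)
      some_gem (0.1.0)
        actionview (>= 5.0)
LOCK

WARNING_RELEASE = Gem::Version.new("1.1.0") # per the thread: warns under Rails 5.2
FIXED_RELEASE   = Gem::Version.new("1.2.0") # per the thread: warning removed

# Parse the specs: block into { name => { version:, deps: [names] } }.
def parse_specs(lock)
  specs = {}
  current = nil
  lock.each_line do |line|
    if (m = line.match(/\A {4}(\S+) \(([0-9][0-9A-Za-z.]*)/))
      current = specs[m[1]] = { version: Gem::Version.new(m[2]), deps: [] }
    elsif current && (m = line.match(/\A {6}(\S+)/))
      current[:deps] << m[1]
    end
  end
  specs
end

# Classify the locked rails-html-sanitizer version against the two releases.
def sanitizer_status(lock)
  spec = parse_specs(lock)["rails-html-sanitizer"]
  return :not_locked unless spec
  return :up_to_date if spec[:version] >= FIXED_RELEASE
  spec[:version] >= WARNING_RELEASE ? :emits_deprecation_warning : :held_back
end

# Locked gems that depend on `target` directly or transitively.
def dependents_of(lock, target)
  specs = parse_specs(lock)
  found = [target]
  loop do
    added = specs.select { |n, s| !found.include?(n) && (s[:deps] & found).any? }.keys
    break if added.empty?
    found.concat(added)
  end
  (found - [target]).sort
end

puts sanitizer_status(SAMPLE_LOCK)
puts dependents_of(SAMPLE_LOCK, "rails-html-sanitizer").join(", ")
```

A `:held_back` result corresponds to the `< 1.1.0` pin from the earlier comment: no warning, but no later fixes either.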

mpw5 added a commit to ministryofjustice/laa-apply-for-legal-aid that referenced this issue Aug 12, 2019
The recent update to v1.1.0 of rails_html_sanitizer means that rspec is
raising lots of deprecation warnings. This is a bug in that version and
is resolved by updating to v1.2.0.

See issue here: rails/rails#36858
KPobeeNorris added a commit to ministryofjustice/offender-management-allocation-manager that referenced this issue Aug 16, 2019
We have started to see deprecation warnings whilst running specs,
specifically "DEPRECATION WARNING: warning: white_list_sanitizer
isdeprecated, please use safe_list_sanitizer instead."  An issue was
opened on the Rails Github account
(rails/rails#36858) and basically the fix is
to update to the latest version of the gem.

However, we have reduced the frequency we are getting Dependabot updates
and it could be another couple of weeks before this particular update
comes through, and therefore thought it would be a good idea to just
update it manually so we can stop seeing the deprecation warning.