@@ -207,11 +207,55 @@ def scrub_node(node)
207207 end
208208 end
209209
210- def setup
211- @scrubber = ScrubStopper . new
210+ class ScrubContinuer < Rails ::HTML ::PermitScrubber
211+ def scrub_node ( node )
212+ Loofah ::Scrubber ::CONTINUE
213+ end
212214 end
213215
214216 def test_returns_stop_from_scrub_if_scrub_node_does
217+ @scrubber = ScrubStopper . new
215218 assert_scrub_stopped "<script>remove me</script>"
216219 end
220+
221+ def test_returns_continue_from_scrub_if_scrub_node_does
222+ @scrubber = ScrubContinuer . new
223+ assert_node_skipped "<script>keep me</script>"
224+ end
225+ end
226+
227+ class PermitScrubberMinimalOperationsTest < ScrubberTest
228+ class TestPermitScrubber < Rails ::HTML ::PermitScrubber
229+ def initialize
230+ @scrub_attribute_args = [ ]
231+ @scrub_attributes_args = [ ]
232+
233+ super
234+
235+ self . tags = [ "div" ]
236+ self . attributes = [ "class" ]
237+ end
238+
239+ def scrub_attributes ( node )
240+ @scrub_attributes_args << node . name
241+
242+ super
243+ end
244+
245+ def scrub_attribute ( node , attr )
246+ @scrub_attribute_args << [ node . name , attr . name ]
247+
248+ super
249+ end
250+ end
251+
252+ def test_does_not_scrub_attributes_of_a_removed_node
253+ @scrubber = TestPermitScrubber . new
254+
255+ input = "<div class='foo' href='bar'><svg xlink:href='asdf'><set></set></svg></div>"
256+ frag = scrub_fragment ( input )
257+ assert_equal ( "<div class=\" foo\" ></div>" , frag )
258+
259+ assert_equal ( [ "div" ] , @scrubber . instance_variable_get ( :@scrub_attributes_args ) )
260+ end
217261end
0 commit comments