Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Since bump 2.14.2 builds are failing #363

Closed
AndreasBitzan opened this issue Jun 25, 2022 · 3 comments
Closed

Since bump 2.14.2 builds are failing #363

AndreasBitzan opened this issue Jun 25, 2022 · 3 comments

Comments

@AndreasBitzan
Copy link

Hello,
I wanted to inform you that since the bump to 2.14.2 my application is not building anymore as it cannot find the constant anymore:

<class:ContentFormatter>': uninitialized constant HTML::Pipeline::SanitizationFilter::WHITELIST (NameError)`

I cannot build/start my rails server anymore. This was not the case if I change the version back to 2.14.0 in my Gemfile.lock

is there anything that can be done about this? Am I missing something out?

The "ContentFormatter" class, where the error is thrown / the uninitialized constant looks like this:

self.whitelist = HTML::Pipeline::SanitizationFilter::WHITELIST.deep_merge( elements: HTML::Pipeline::SanitizationFilter::WHITELIST[:elements] + %w[abbr iframe span figure figcaption], transformers: HTML::Pipeline::SanitizationFilter::WHITELIST[:transformers] + [ ->(env) { next unless env[:node_name] == 'a' a_tag = env[:node] a_tag['href'] ||= '#' if a_tag['href'] =~ %r{^(?:[a-z]+:)?//} a_tag['target'] = '_blank' a_tag['rel'] = 'nofollow noopener' end } ], attributes: { 'a' => %w[href rel], 'abbr' => %w[title], 'span' => %w[class], 'div' => %w[class], 'img' => %w[src longdesc class], 'th' => %w[style], 'td' => %w[style], :all => HTML::Pipeline::SanitizationFilter::WHITELIST[:attributes][:all] + %w[aria-expanded aria-label aria-labelledby aria-live aria-hidden aria-pressed role], }, css: { properties: %w[text-align], } )
@gjtorikian
Copy link
Owner

I'm not certain that this change is due to the recent bump, since that constant was changed two years ago: #339. Not really sure why this just started failing for you now.

What is ContentFormatter? I would suggest renaming instances of WHITELIST to ALLOWLIST.

@AndreasBitzan
Copy link
Author

Hmm okay, was there a breaking change from 2.14.0 to 2.14.1 ?

Thank you very much for the hint though! I rebuilt the ContentFormatter using allowlist and it is working now!

@strikefromspace
Copy link

strikefromspace commented Aug 9, 2022
edited
Loading

I got this too bumping gems to 2.14.2:

remote:  !     NameError: uninitialized constant HTML::Pipeline::SanitizationFilter::WHITELIST
remote:  !     /tmp/build_00eeace0/vendor/bundle/ruby/2.7.0/gems/thredded-0.16.16/lib/thredded/content_formatter.rb:31:in `<class:ContentFormatter>'

... however, this is an error caused by an out of date Thredded gem.

There is a new thredded gem version that uses V2.14.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gjtorikian @AndreasBitzan @strikefromspace