Merge pull request #34 from rails/accept-ascii-8bit-strings

Prevent "unknown encoding: ASCII-8BIT" errors

Author: kaspth

lib/rails/html/sanitizer.rb

@@ -120,7 +120,7 @@ def sanitize(html, options = {})
           loofah_fragment.scrub!(:strip)
         end
 
-        loofah_fragment.to_s
+        properly_encode(loofah_fragment, encoding: 'UTF-8')
       end
 
       def sanitize_css(style_string)
@@ -136,6 +136,10 @@ def allowed_tags(options)
       def allowed_attributes(options)
         options[:attributes] || self.class.allowed_attributes
       end
+
+      def properly_encode(fragment, options)
+        fragment.xml? ? fragment.to_xml(options) : fragment.to_html(options)
+      end
     end
   end
 end

test/sanitizer_test.rb

@@ -446,6 +446,13 @@ def test_x03a_legitimate
     assert_sanitized %(<a href="http&#x3A;//legit">), %(<a href="http://legit">)
   end
 
+  def test_sanitize_ascii_8bit_string
+    white_list_sanitize('<a>hello</a>'.encode('ASCII-8BIT')).tap do |sanitized|
+      assert_equal '<a>hello</a>', sanitized
+      assert_equal Encoding::UTF_8, sanitized.encoding
+    end
+  end
+
 protected
 
   def xpath_sanitize(input, options = {})