Update Loofah from 2.2.3 to 2.3.1

Description

We need to update the Loofah gem from 2.2.3 to 2.3.1 due to a vulnerability:

Testing

  • Post a new chapter of a work and make sure the chapter summary has all HTML stripped out of it in the subscription email (HTML version of the email)

  • Post a new work and make sure the work summary has all HTML stripped out of it in the subscription email (HTML version of the email)

  • Log in as a tag wrangler and post a comment on a tag that uses HTML. Then go to the Tag Wrangling discussion page at https://test.archiveofourown.org/tag_wranglings/discuss (if it loads on staging... it doesn't appear to want to for me) and make sure that when you hover over a table cell that links to a comment, the title that appears contains the full text of your comment, minus the HTML

  • Submit an abuse report that uses HTML, and make sure that when you are emailed a copy of the report, the plain text email does not include HTML

Activity

Sarken
October 28, 2019, 10:53 PM
  • Posted chapter and the subscription email contained no HTML in the summary.

  • Posted work, no HTML in the subscription email summary.

  • Posted a comment, went to the page, HTML was not in there.

  • Sent an abuse report and checked the plain text email. There was no HTML – my bold tags were replaced with asterisks: I'm just making sure the *HTML* gets stripped in my emailed copy. Please close and have a nice day! I think that’s normal.

Note that subscriptions aren’t quite working properly on staging at the moment; someone will need to manually run bundle exec rake notifications:deliver_subscriptions to send the emails.

james_
October 30, 2019, 6:13 PM

Abuse report does not contain HTML in plain text part.

--------------------

/This is a summary/

Lets try this

Subscription email had no HTML in the plain text version.

Went to the wrangling page and the hover over was plain text.

Looks good to me.

DeployedToBeta

Assignee

Unassigned

Reporter

Sarken

Roadmap

Misc

Priority

Medium

Affects versions

Fix versions

Components

BackEnd
Gems

Difficulty

Easy

Milestone

Internal 0.9