-
Use
Rails::HTML5::SafeListSanitizer
by default in the Rails 7.1 configuration if it is supported.Action Text's sanitizer can be configured by setting
config.action_text.sanitizer_vendor
. Supported values areRails::HTML4::Sanitizer
orRails::HTML5::Sanitizer
.The Rails 7.1 configuration will set this to
Rails::HTML5::Sanitizer
when it is supported, and fall back toRails::HTML4::Sanitizer
. Previous configurations default toRails::HTML4::Sanitizer
.As a result of this change, the defaults for
ActionText::ContentHelper.allowed_tags
and.allowed_attributes
are applied at runtime, so the value of these attributes is now 'nil' unless set by the application. You may callsanitizer_allowed_tags
orsanitizer_allowed_attributes
to inspect the tags and attributes being allowed by the sanitizer.Mike Dalessio
-
Attachables now can override default attachment missing template.
When rendering Action Text attachments where the underlying attachable model has been removed, a fallback template is used. You now can override this template on a per-model basis. For example, you could render a placeholder image for a file attachment or the text "Deleted User" for a User attachment.
Matt Swanson, Joel Drapper
-
Update bundled Trix version from
1.3.1
to2.0.4
.Sarah Ridge, Sean Doyle
-
Apply
field_error_proc
torich_text_area
form fields.Kaíque Kandy Koga
-
Action Text attachment URLs rendered in a background job (a la Turbo Streams) now use
Rails.application.default_url_options
andRails.application.config.force_ssl
instead ofhttp://example.org
.Jonathan Hefner
-
Support
strict_loading:
option forhas_rich_text
declarationSean Doyle
-
Update ContentAttachment so that it can encapsulate arbitrary HTML content in a document.
Jamis Buck
-
Fix an issue that caused the content layout to render multiple times when a rich_text field was updated.
Jacob Herrington
Please check 7-0-stable for previous changes.