20690: Remove workbench1 and testing/packaging references.

[arvados.git] / apps / workbench / config / initializers / actionview_xss_fix.rb

diff --git a/apps/workbench/config/initializers/actionview_xss_fix.rb b/apps/workbench/config/initializers/actionview_xss_fix.rb
deleted file mode 100644 (file)
index 3f5e239..0000000
--- a/apps/workbench/config/initializers/actionview_xss_fix.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) The Arvados Authors. All rights reserved.
-#
-# SPDX-License-Identifier: AGPL-3.0
-
-# This is related to:
-# * https://github.com/advisories/GHSA-65cv-r6x7-79hv
-# * https://nvd.nist.gov/vuln/detail/CVE-2020-5267
-#
-# Until we upgrade to rails 5.2, this monkeypatch should be enough
-ActionView::Helpers::JavaScriptHelper::JS_ESCAPE_MAP.merge!(
-  {
-    "`" => "\\`",
-    "$" => "\\$"
-  }
-)
-
-module ActionView::Helpers::JavaScriptHelper
-  alias :old_ej :escape_javascript
-  alias :old_j :j
-
-  def escape_javascript(javascript)
-    javascript = javascript.to_s
-    if javascript.empty?
-      result = ""
-    else
-      result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
-    end
-    javascript.html_safe? ? result.html_safe : result
-  end
-
-  alias :j :escape_javascript
-end
\ No newline at end of file