diff --git a/app/lib/sanitize_config.rb b/app/lib/sanitize_config.rb
index f09288fcdc9..c2b4669245a 100644
--- a/app/lib/sanitize_config.rb
+++ b/app/lib/sanitize_config.rb
@@ -6,14 +6,14 @@ class Sanitize
CLASS_WHITELIST_TRANSFORMER = lambda do |env|
node = env[:node]
- class_list = node['class']&.split(' ')
+ class_list = node['class']&.split(/[\t\n\f\r ]/)
return unless class_list
class_list.keep_if do |e|
- return true if e =~ /^(h|p|u|dt|e)-/ # microformats classes
- return true if e =~ /^(mention|hashtag)$/ # semantic classes
- return true if e =~ /^(ellipsis|invisible)$/ # link formatting classes
+ next true if e =~ /^(h|p|u|dt|e)-/ # microformats classes
+ next true if e =~ /^(mention|hashtag)$/ # semantic classes
+ next true if e =~ /^(ellipsis|invisible)$/ # link formatting classes
end
node['class'] = class_list.join(' ')
diff --git a/spec/lib/formatter_spec.rb b/spec/lib/formatter_spec.rb
index 71b6b78d2f6..e79be3645ce 100644
--- a/spec/lib/formatter_spec.rb
+++ b/spec/lib/formatter_spec.rb
@@ -332,7 +332,7 @@ RSpec.describe Formatter do
end
context 'contains malicious classes' do
- let(:text) { 'Show more' }
+ let(:text) { 'Show more' }
it 'strips malicious classes' do
is_expected.to_not include 'status__content__spoiler-link'