diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
index ffe131d..4f30f4b 100644
--- a/lib/rails/html/sanitizer.rb
+++ b/lib/rails/html/sanitizer.rb
@@ -34,6 +34,7 @@ module Concern
module ComposedSanitize
def sanitize(html, options = {})
return unless html
+ html = html.instance_of?(Range) ? html.to_s : html
return html if html.empty?
serialize(scrub(parse_fragment(html), options))
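Review bot: The added `html.instance_of?(Range)` check in `sanitize` matches only exact `Range` instances, so a `Range` subclass or any other non-String argument (an Integer, a Symbol) still reaches `html.empty?` and raises `NoMethodError`. If the intent is to accept any stringifiable input, a general coercion such as `html = html.to_s unless html.is_a?(String)` covers those cases and leaves String subclasses untouched. Whichever form is used, it should stay ahead of the `empty?` return and `parse_fragment`, as it is here, so the coerced text is still scrubbed. The body of `sanitize` continues past the end of the hunk.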
diff --git a/test/sanitizer_test.rb b/test/sanitizer_test.rb
index f78cd62..35f8663 100644
--- a/test/sanitizer_test.rb
+++ b/test/sanitizer_test.rb
@@ -137,6 +137,16 @@ def test_strip_cdata
assert_includes(acceptable_results, result)
end
+ def test_strip_passed_passed_duck_typed_range
+ input = 2001..2005
+ result = full_sanitize(input)
+ acceptable_results = [
+ "2001..2005",
+ ]
+
+ assert_includes(acceptable_results, result)
+ end
+
def test_strip_blank_string
assert_nil full_sanitize(nil)
assert_equal "", full_sanitize("")
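Review bot: The new test name `test_strip_passed_passed_duck_typed_range` repeats the word "passed"; `def test_strip_passed_duck_typed_range` reads as intended. Its `acceptable_results` list has a single entry, so `assert_equal "2001..2005", full_sanitize(2001..2005)` states the expectation more directly than `assert_includes`. The same applies to `test_safe_sanitize_passed_duck_typed_range` in the last hunk. The "duck typed" wording in these names is also at odds with the exact-class `instance_of?` check they exercise.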
@@ -211,6 +221,11 @@ def test_strip_links_with_unclosed_tags
assert_equal "", link_sanitize("", ""
end
+ def test_sanitize_passed_duck_typed_range
+ assert_sanitized Range.new(2001, 2005), "2001..2005"
+ assert_sanitized 2001..2005, "2001..2005"
+ end
+
def test_sanitize_plaintext
# note that the `plaintext` tag has been deprecated since HTML 2
# https://developer.mozilla.org/en-US/docs/Web/HTML/Element/plaintext
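Review bot: Both assertions in `test_sanitize_passed_duck_typed_range` exercise the same input, since `Range.new(2001, 2005)` and `2001..2005` build equal `Range` objects, so the second line adds no coverage. A more useful second case would be a range whose endpoints are strings containing markup, asserting that the result is scrubbed. That would pin that the `to_s` output still goes through the sanitizer rather than being returned as-is. A comment such as `# Range#to_s output must still be scrubbed` above that case would record why it exists.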
@@ -306,7 +326,19 @@ def test_sanitize_plaintext
# xerces+nekohtml-unit
"<span>foo</span></plaintext>",
# xerces+cyberneko
- "<span>foo</span>"
+ "<span>foo</span>",
+ ]
+
+ assert_includes(acceptable_results, result)
+ end
+
+ def test_safe_sanitize_passed_duck_typed_range
+ # note that the `plaintext` tag has been deprecated since HTML 2
+ # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/plaintext
+ input = 2001..2005
+ result = safe_list_sanitize(input)
+ acceptable_results = [
+ "2001..2005",
]
assert_includes(acceptable_results, result)
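Review bot: The two comment lines at the top of `test_safe_sanitize_passed_duck_typed_range` about the deprecated `plaintext` tag were copied from `test_sanitize_plaintext` and do not describe this test. They should be dropped or replaced with something like `# non-String input is coerced with to_s before sanitizing`. The `end` of the new test lies outside the hunk.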