authorDouwe Maan <douwe@gitlab.com>2019-04-15 08:53:42 +0000
committerDouwe Maan <douwe@gitlab.com>2019-04-15 08:53:42 +0000
commitd83eb63beef28a6229b4bf851ee34c51938e29c7 (patch)
tree3bce6dda5073f636857ac2f9de3a42a7605cd212 /app
parent8ede9d188e20d9e173fa6f0c5d899771a392b78a (diff)
parentda026ac2eca6126bf176ace5d70426db41239a58 (diff)
downloadgitlab-ce-d83eb63beef28a6229b4bf851ee34c51938e29c7.tar.gz
Merge branch '17014-remove-rails-deprecated_sanitizer' into 'master'
Resolve "Remove rails-deprecated_sanitizer" Closes #17014 See merge request gitlab-org/gitlab-ce!27268
Diffstat (limited to 'app')
-rw-r--r--app/controllers/projects/branches_controller.rb4
-rw-r--r--app/helpers/markup_helper.rb4
2 files changed, 3 insertions, 5 deletions
diff --git a/app/controllers/projects/branches_controller.rb b/app/controllers/projects/branches_controller.rb
index 9c31ae6376a..e14abbf7c78 100644
--- a/app/controllers/projects/branches_controller.rb
+++ b/app/controllers/projects/branches_controller.rb
@@ -53,7 +53,7 @@ class Projects::BranchesController < Projects::ApplicationController
# rubocop: disable CodeReuse/ActiveRecord
def create
- branch_name = sanitize(strip_tags(params[:branch_name]))
+ branch_name = strip_tags(sanitize(params[:branch_name]))
branch_name = Addressable::URI.unescape(branch_name)
redirect_to_autodeploy = project.empty_repo? && project.deployment_platform.present?
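Review bot: `Addressable::URI.unescape(branch_name)` runs after `strip_tags(sanitize(params[:branch_name]))`, so percent-encoded markup in the parameter is decoded only after sanitization has finished, and the final `branch_name` carries no HTML-safety guarantee. The same ordering applies to `ref_escaped` in the `ref` hunk below. HTML sanitizers are also not ref-name validators and may rewrite legitimate characters, so I would add a comment such as `# NOTE: not a security boundary; the ref name must be validated downstream and escaped on output`. Whether such a downstream check exists should be confirmed, since `create` continues outside the hunk and none is visible here.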
@@ -122,7 +122,7 @@ class Projects::BranchesController < Projects::ApplicationController
def ref
if params[:ref]
- ref_escaped = sanitize(strip_tags(params[:ref]))
+ ref_escaped = strip_tags(sanitize(params[:ref]))
Addressable::URI.unescape(ref_escaped)
else
@project.default_branch || 'master'
diff --git a/app/helpers/markup_helper.rb b/app/helpers/markup_helper.rb
index d83c69603a9..be4fc2531ae 100644
--- a/app/helpers/markup_helper.rb
+++ b/app/helpers/markup_helper.rb
@@ -241,9 +241,7 @@ module MarkupHelper
node.remove if node.name == 'a' && node.content.blank?
end
- # Use `Loofah` directly instead of `sanitize`
- # as we still use the `rails-deprecated_sanitizer` gem
- Loofah.fragment(text).scrub!(scrubber).to_s
+ sanitize text, scrubber: scrubber
end
def markdown_toolbar_button(options = {})
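Review bot: `sanitize text, scrubber: scrubber` needs a comment stating its trust assumptions, because the call reads as if Rails' default safe list were applied. As far as I know, rails-html-sanitizer runs only the supplied scrubber when `scrubber:` is given, and the only rule visible here removes empty `a` nodes. The helper also returns an `html_safe` string where `Loofah.fragment(text).scrub!(scrubber).to_s` returned a plain String, so callers that relied on later escaping would now render the result as-is. I would add `# text must already be sanitized HTML: scrubber: replaces the default safe list and the result is html_safe` above the call. The enclosing method and the scrubber definition start above the hunk, so the callers should be checked against that assumption.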