From 7b5f7b4484db9afc0b7e5cd0bb497b705009e82a Mon Sep 17 00:00:00 2001
From: Roman Rizzi
Date: Fri, 6 Jan 2023 11:47:15 -0300
Subject: [PATCH] FIX: Don't change the default allowed_attribute when calling #sanitize_field (#19770)
---
 app/models/concerns/has_sanitizable_fields.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/concerns/has_sanitizable_fields.rb b/app/models/concerns/has_sanitizable_fields.rb
index b0db07de00e..426c4207479 100644
--- a/app/models/concerns/has_sanitizable_fields.rb
+++ b/app/models/concerns/has_sanitizable_fields.rb
@@ -6,7 +6,7 @@ module HasSanitizableFields
 def sanitize_field(field, additional_attributes: [])
 if field
 sanitizer = Rails::Html::SafeListSanitizer.new
- allowed_attributes = Rails::Html::SafeListSanitizer.allowed_attributes
+ allowed_attributes = Rails::Html::SafeListSanitizer.allowed_attributes.dup
 if additional_attributes.present?
 allowed_attributes = allowed_attributes.merge(additional_attributes)
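Review bot: The added `.dup` carries no comment saying it is load-bearing, and the later `allowed_attributes = allowed_attributes.merge(additional_attributes)` still reads like a non-mutating call. Assuming `allowed_attributes` is a Set (the page does not show its type), `merge` modifies its receiver, so without the copy a caller's `additional_attributes` would stay in the shared `Rails::Html::SafeListSanitizer` allowlist for every later sanitize call in the process. I would add `# Set#merge mutates the receiver; copy so the global sanitizer allowlist is never widened` above the assignment. The diffstat shows a single changed file, so a spec asserting that `Rails::Html::SafeListSanitizer.allowed_attributes` is unchanged after `sanitize_field(field, additional_attributes: [...])` would keep this from regressing. The body of `sanitize_field` continues past the end of the hunk.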