Do not scrub removed attributes

This should improve performance by eliminating needless sanitization
of attributes that are already removed.

lib/rails/html/scrubbers.rb

@@ -108,8 +108,11 @@ def scrub_node(node)
         def scrub_attributes(node)
           if @attributes
             node.attribute_nodes.each do |attr|
-              attr.remove if scrub_attribute?(attr.name)
-              scrub_attribute(node, attr)
+              if scrub_attribute?(attr.name)
+                attr.remove
+              else
+                scrub_attribute(node, attr)
+              end
             end
 
             scrub_css_attribute(node)

test/scrubbers_test.rb

@@ -241,6 +241,16 @@ def scrub_attribute(node, attr)
     end
   end
 
+  def test_does_not_scrub_removed_attributes
+    @scrubber = TestPermitScrubber.new
+
+    input = "<div class='foo' href='bar'></div>"
+    frag = scrub_fragment(input)
+    assert_equal("<div class=\"foo\"></div>", frag)
+
+    assert_equal([["div", "class"]], @scrubber.instance_variable_get(:@scrub_attribute_args))
+  end
+
   def test_does_not_scrub_attributes_of_a_removed_node
     @scrubber = TestPermitScrubber.new