Module: Sanitize::Config
- Defined in:
- lib/sanitize/config.rb,
lib/sanitize/config/basic.rb,
lib/sanitize/config/relaxed.rb,
lib/sanitize/config/restricted.rb
Constant Summary
# Element/attribute allowlist applied to an <object> embed and its immediate
# descendants; the shape DEFAULT[:object_config] expects. Tuned for standard
# Flash video embed markup.
#
# NOTE(review): 'allowscriptaccess' on <embed> is only as safe as the
# :object_urls allowlist that decides which embeds reach this code path at all.
FLASH_VIDEO_OBJECT = {
  elements: %w[object param embed],
  attributes: {
    'object' => %w[width height],
    'param'  => %w[name value],
    'embed'  => %w[src type allowscriptaccess allowfullscreen width height]
  }
}
# Baseline configuration: deny everything. Every other preset (BASIC, RELAXED,
# RESTRICTED) is understood as an overlay on top of these keys.
DEFAULT = {
  # Whether or not to allow HTML comments. Allowing comments is strongly
  # discouraged, since IE allows script execution within conditional
  # comments.
  allow_comments: false,

  # HTML attributes to add to specific elements. By default, no attributes
  # are added.
  add_attributes: {},

  # HTML attributes to allow in specific elements. By default, no attributes
  # are allowed.
  attributes: {},

  # HTML elements to allow. By default, no elements are allowed (which means
  # that all HTML will be stripped).
  elements: [],

  # URL prefixes to be allowed in object embeds. Any kind of arbitrary object
  # embed would be insecure, so this is locked down tightly to allow only
  # YouTube-style embed codes. Under no circumstances should 'object' be
  # added to :elements above; object embeds are handled by a separate code
  # path in the sanitizer. Each prefix must be a fully qualified URL including
  # the protocol, since it is matched directly against the attribute value.
  object_urls: [],

  # The elements and attributes allowed on an object and its immediate
  # descendants. The default is the standard Flash video embed shape.
  object_config: FLASH_VIDEO_OBJECT,

  # Output format. Supported formats are :html and :xhtml (the default).
  output: :xhtml,

  # URL protocols to allow in specific attributes. By default, no protocols
  # are allowed. Use :relative in place of a protocol to allow relative URLs
  # without a protocol.
  protocols: {}
}
# Preset for plain inline/text formatting: links, quotes, lists and code.
# Links are restricted to the listed protocols (or relative URLs) and always
# receive rel="nofollow" via :add_attributes.
BASIC = {
  elements: %w[
    a b blockquote br cite code dd dl dt em i li ol p pre q small strike
    strong sub sup u ul
  ],

  attributes: {
    'a'          => %w[href],
    'blockquote' => %w[cite],
    'q'          => %w[cite]
  },

  add_attributes: {
    'a' => { 'rel' => 'nofollow' }
  },

  protocols: {
    'a'          => { 'href' => %w[ftp http https mailto] + [:relative] },
    'blockquote' => { 'cite' => %w[http https] + [:relative] },
    'q'          => { 'cite' => %w[http https] + [:relative] }
  }
}
# Preset that extends BASIC's element set with images and tables. Unlike
# BASIC, it defines no :add_attributes, so links are NOT given rel="nofollow".
# Image sources are limited to http/https or relative URLs.
RELAXED = {
  elements: %w[
    a b blockquote br caption cite code col colgroup dd dl dt em i img li ol
    p pre q small strike strong sub sup table tbody td tfoot th thead tr u ul
  ],

  attributes: {
    'a'          => %w[href title],
    'blockquote' => %w[cite],
    'col'        => %w[span width],
    'colgroup'   => %w[span width],
    'img'        => %w[align alt height src title width],
    'ol'         => %w[start type],
    'q'          => %w[cite],
    'table'      => %w[summary width],
    'td'         => %w[abbr axis colspan rowspan width],
    'th'         => %w[abbr axis colspan rowspan scope width],
    'ul'         => %w[type]
  },

  protocols: {
    'a'          => { 'href' => %w[ftp http https mailto] + [:relative] },
    'blockquote' => { 'cite' => %w[http https] + [:relative] },
    'img'        => { 'src'  => %w[http https] + [:relative] },
    'q'          => { 'cite' => %w[http https] + [:relative] }
  }
}
# Most conservative preset: a handful of inline formatting elements and no
# attributes or protocols at all (those keys are inherited from DEFAULT).
RESTRICTED = {
  elements: %w[b em i strong u]
}