Module: Sanitize::Config
- Defined in:
- lib/sanitize/config.rb,
lib/sanitize/config/basic.rb,
lib/sanitize/config/relaxed.rb,
lib/sanitize/config/restricted.rb
Constant Summary
# Baseline configuration: every allowlist starts empty, so no element,
# attribute or URL protocol is allowed until a caller opts in.
#
# NOTE(review): the literal is not frozen as shown here, so an in-place change
# to this hash or to one of its nested containers is visible to every reader
# of the constant. Merging into a copy is the safer way to customise it.
DEFAULT = {
  # HTML comments are not allowed. Allowing them is strongly discouraged,
  # since IE allows script execution within conditional comments.
  :allow_comments => false,

  # Attributes to add to specific elements. None are added by default.
  :add_attributes => {},

  # Attribute allowlist, keyed by element. Empty: no attributes are allowed.
  :attributes => {},

  # Element allowlist. Empty: no elements are allowed, which means that all
  # HTML will be stripped.
  :elements => [],

  # Output format, either :html or :xhtml (the default).
  :output => :xhtml,

  # Character encoding to use for HTML output.
  :output_encoding => 'utf-8',

  # URL protocol allowlist for specific attributes. Empty: no protocols are
  # allowed. Put :relative in a list, in place of a protocol, to allow
  # relative URLs that carry no protocol.
  :protocols => {},

  # When true, the contents of any filtered element are removed along with
  # the element itself. When false (the default), the safe parts of a filtered
  # element's contents are left behind. When this is an Array of element
  # names, only the contents of those elements (when filtered) are removed and
  # the contents of all other filtered elements are left behind.
  :remove_contents => false,

  # Transformers filter or alter nodes using custom logic. See README.rdoc
  # for details and examples.
  :transformers => []
}
# Text-level markup, lists, quotations and links. No images, tables or
# headings appear in the element allowlist.
BASIC = {
  :elements => %w[
    a b blockquote br cite code dd dl dt em i li ol p pre q small strike
    strong sub sup u ul
  ],

  # The only attributes allowed are the URL-bearing ones, one per element.
  :attributes => {
    'a'          => %w[href],
    'blockquote' => %w[cite],
    'q'          => %w[cite]
  },

  # rel="nofollow" is added to every <a> element.
  :add_attributes => {
    'a' => { 'rel' => 'nofollow' }
  },

  # Protocol allowlist for each URL-bearing attribute above. :relative also
  # allows URLs with no protocol. A scheme that is not listed (javascript:,
  # data:, ...) is not allowed by this config.
  # Each list is built separately, so no array is shared between entries.
  :protocols => {
    'a'          => { 'href' => %w[ftp http https mailto] << :relative },
    'blockquote' => { 'cite' => %w[http https] << :relative },
    'q'          => { 'cite' => %w[http https] << :relative }
  }
}
# Broader allowlist: the BASIC markup plus headings, tables and images.
#
# NOTE(review): unlike BASIC, no :add_attributes entry is set here, so this
# config does not add rel="nofollow" to links. The 'img' => 'src' entry allows
# absolute http/https URLs, so sanitized output can reference images hosted
# elsewhere. Confirm both are acceptable for the content being rendered.
RELAXED = {
  :elements => %w[
    a b blockquote br caption cite code col colgroup dd dl dt em
    h1 h2 h3 h4 h5 h6 i img li ol p pre q small strike strong sub sup
    table tbody td tfoot th thead tr u ul
  ],

  # Attribute allowlist, keyed by element. No 'style', 'class', 'id' or
  # event-handler attribute is listed for any element.
  :attributes => {
    'a'          => %w[href title],
    'blockquote' => %w[cite],
    'col'        => %w[span width],
    'colgroup'   => %w[span width],
    'img'        => %w[align alt height src title width],
    'ol'         => %w[start type],
    'q'          => %w[cite],
    'table'      => %w[summary width],
    'td'         => %w[abbr axis colspan rowspan width],
    'th'         => %w[abbr axis colspan rowspan scope width],
    'ul'         => %w[type]
  },

  # Protocol allowlist for each URL-bearing attribute. :relative also allows
  # URLs with no protocol; a scheme that is not listed is not allowed.
  # Each list is built separately, so no array is shared between entries.
  :protocols => {
    'a'          => { 'href' => %w[ftp http https mailto] << :relative },
    'blockquote' => { 'cite' => %w[http https] << :relative },
    'img'        => { 'src'  => %w[http https] << :relative },
    'q'          => { 'cite' => %w[http https] << :relative }
  }
}
# Narrowest preset: a handful of inline formatting elements and nothing else.
# No :attributes or :protocols key is set here. Presumably the empty DEFAULT
# values apply once this is combined with DEFAULT; confirm against the merge
# in Sanitize itself.
RESTRICTED = {
  :elements => %w[b em i strong u]
}