Module: Sanitize::Rails::Engine
Instance Method Summary collapse
-
#callback_for(options) ⇒ Object
:nodoc:.
-
#clean(string) ⇒ Object
Returns a copy of the given ‘string` after sanitizing it and marking it as `html_safe`.
-
#clean!(string) ⇒ Object
Sanitizes the given ‘string` in place and does NOT mark it as `html_safe`.
-
#cleaner ⇒ Object
Returns a memoized instance of the Engine with the configuration passed to the
configure
method or with the ActionView’s default config. - #configure(config) ⇒ Object
-
#method_for(fields) ⇒ Object
:nodoc:.
Instance Method Details
#callback_for(options) ⇒ Object
:nodoc:
45 46 47 48 49 50 51 52 53 |
# File 'lib/sanitize/rails/engine.rb', line 45 def callback_for() #:nodoc: point = ([:on] || 'save').to_s unless %w( save create ).include?(point) raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create" end "before_#{point}".intern end |
#clean(string) ⇒ Object
Returns a copy of the given ‘string` after sanitizing it and marking it as `html_safe`
Ensuring this methods return instances of ActiveSupport::SafeBuffer means that text passed through ‘Sanitize::Rails::Engine.clean` will not be escaped by ActionView’s XSS filtering utilities.
34 35 36 |
# File 'lib/sanitize/rails/engine.rb', line 34 def clean(string) ::ActiveSupport::SafeBuffer.new cleaner.fragment(string) end |
#clean!(string) ⇒ Object
Sanitizes the given ‘string` in place and does NOT mark it as `html_safe`
40 41 42 43 |
# File 'lib/sanitize/rails/engine.rb', line 40 def clean!(string) return '' if string.nil? string.replace cleaner.fragment(string) end |
#cleaner ⇒ Object
Returns a memoized instance of the Engine with the configuration passed to the configure
method or with the ActionView’s default config
14 15 16 17 18 19 20 21 22 23 24 25 26 |
# File 'lib/sanitize/rails/engine.rb', line 14 def cleaner @@config ||= begin { :elements => ::ActionView::Base..to_a, :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a}, :protocols => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a } } rescue warn "ActionView not available, falling back to Sanitize's BASIC config" ::Sanitize::Config::BASIC end @sanitizer ||= ::Sanitize.new(@@config) end |
#configure(config) ⇒ Object
6 7 8 |
# File 'lib/sanitize/rails/engine.rb', line 6 def configure(config) @@config = config.freeze end |
#method_for(fields) ⇒ Object
:nodoc:
55 56 57 |
# File 'lib/sanitize/rails/engine.rb', line 55 def method_for(fields) #:nodoc: "sanitize_#{fields.join('_')}".intern end |