Module: ActionView::Helpers::SanitizeHelper::ClassMethods
- Included in:
- ClassMethods
- Defined in:
- lib/action_view/helpers/sanitize_helper.rb
Overview
:nodoc:
Instance Attribute Summary collapse
-
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by
strip_tags
. -
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by
strip_links
. -
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and
sanitize_css
.
Instance Method Summary collapse
- #sanitized_allowed_attributes ⇒ Object
-
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the
sanitize
helper. - #sanitized_allowed_css_keywords ⇒ Object
-
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the
sanitize
andsanitize_css
helpers. - #sanitized_allowed_css_properties ⇒ Object
-
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and
sanitize_css
helpers. - #sanitized_allowed_protocols ⇒ Object
-
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the
sanitize
helper. - #sanitized_allowed_tags ⇒ Object
-
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the
sanitize
helper. - #sanitized_bad_tags ⇒ Object
-
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the
sanitize
helper. - #sanitized_protocol_separator ⇒ Object
- #sanitized_protocol_separator=(value) ⇒ Object
- #sanitized_shorthand_css_properties ⇒ Object
-
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the
sanitize
andsanitize_css
helpers. - #sanitized_uri_attributes ⇒ Object
-
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the
sanitize
helper checks for URIs.
Instance Attribute Details
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by strip_tags
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.full_sanitizer = MySpecialSanitizer.new
end
151 152 153 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 151 def full_sanitizer @full_sanitizer ||= HTML::FullSanitizer.new end |
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by strip_links
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.link_sanitizer = MySpecialSanitizer.new
end
162 163 164 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 162 def link_sanitizer @link_sanitizer ||= HTML::LinkSanitizer.new end |
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.white_list_sanitizer = MySpecialSanitizer.new
end
173 174 175 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 173 def white_list_sanitizer @white_list_sanitizer ||= HTML::WhiteListSanitizer.new end |
Instance Method Details
#sanitized_allowed_attributes ⇒ Object
120 121 122 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 120 def sanitized_allowed_attributes white_list_sanitizer.allowed_attributes end |
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
end
213 214 215 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 213 def sanitized_allowed_attributes=(attributes) HTML::WhiteListSanitizer.allowed_attributes.merge(attributes) end |
#sanitized_allowed_css_keywords ⇒ Object
128 129 130 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 128 def sanitized_allowed_css_keywords white_list_sanitizer.allowed_css_keywords end |
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the sanitize
and sanitize_css
helpers.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_css_keywords = 'expression'
end
233 234 235 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 233 def sanitized_allowed_css_keywords=(attributes) HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes) end |
#sanitized_allowed_css_properties ⇒ Object
124 125 126 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 124 def sanitized_allowed_css_properties white_list_sanitizer.allowed_css_properties end |
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and sanitize_css
helpers.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_css_properties = 'expression'
end
223 224 225 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 223 def sanitized_allowed_css_properties=(attributes) HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes) end |
#sanitized_allowed_protocols ⇒ Object
136 137 138 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 136 def sanitized_allowed_protocols white_list_sanitizer.allowed_protocols end |
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
end
253 254 255 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 253 def sanitized_allowed_protocols=(attributes) HTML::WhiteListSanitizer.allowed_protocols.merge(attributes) end |
#sanitized_allowed_tags ⇒ Object
116 117 118 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 116 def white_list_sanitizer. end |
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view. = 'table', 'tr', 'td'
end
203 204 205 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 203 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_bad_tags ⇒ Object
112 113 114 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 112 def white_list_sanitizer. end |
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view. = 'embed', 'object'
end
193 194 195 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 193 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_protocol_separator ⇒ Object
104 105 106 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 104 def sanitized_protocol_separator white_list_sanitizer.protocol_separator end |
#sanitized_protocol_separator=(value) ⇒ Object
140 141 142 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 140 def sanitized_protocol_separator=(value) white_list_sanitizer.protocol_separator = value end |
#sanitized_shorthand_css_properties ⇒ Object
132 133 134 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 132 def sanitized_shorthand_css_properties white_list_sanitizer.shorthand_css_properties end |
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the sanitize
and sanitize_css
helpers.
Rails::Initializer.run do |config|
config.action_view.sanitized_shorthand_css_properties = 'expression'
end
243 244 245 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 243 def sanitized_shorthand_css_properties=(attributes) HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes) end |
#sanitized_uri_attributes ⇒ Object
108 109 110 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 108 def sanitized_uri_attributes white_list_sanitizer.uri_attributes end |
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the sanitize
helper checks for URIs.
Rails::Initializer.run do |config|
config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
end
183 184 185 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 183 def sanitized_uri_attributes=(attributes) HTML::WhiteListSanitizer.uri_attributes.merge(attributes) end |