Module: ActionView::Helpers::SanitizeHelper::ClassMethods
- Defined in:
- lib/action_view/helpers/sanitize_helper.rb
Overview
:nodoc:
Instance Attribute Summary collapse
-
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by
strip_tags
. -
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by
strip_links
. -
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and
sanitize_css
.
Instance Method Summary collapse
- #sanitized_allowed_attributes ⇒ Object
-
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the
sanitize
helper. - #sanitized_allowed_css_keywords ⇒ Object
-
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the
sanitize
andsanitize_css
helpers. - #sanitized_allowed_css_properties ⇒ Object
-
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and
sanitize_css
helpers. - #sanitized_allowed_protocols ⇒ Object
-
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the
sanitize
helper. - #sanitized_allowed_tags ⇒ Object
-
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the
sanitize
helper. - #sanitized_bad_tags ⇒ Object
-
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the
sanitize
helper. - #sanitized_protocol_separator ⇒ Object
- #sanitized_protocol_separator=(value) ⇒ Object
- #sanitized_shorthand_css_properties ⇒ Object
-
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the
sanitize
andsanitize_css
helpers. - #sanitized_uri_attributes ⇒ Object
-
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the
sanitize
helper checks for URIs.
Instance Attribute Details
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by strip_tags
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.full_sanitizer = MySpecialSanitizer.new
end
152 153 154 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 152 def full_sanitizer @full_sanitizer ||= HTML::FullSanitizer.new end |
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by strip_links
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.link_sanitizer = MySpecialSanitizer.new
end
163 164 165 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 163 def link_sanitizer @link_sanitizer ||= HTML::LinkSanitizer.new end |
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.white_list_sanitizer = MySpecialSanitizer.new
end
174 175 176 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 174 def white_list_sanitizer @white_list_sanitizer ||= HTML::WhiteListSanitizer.new end |
Instance Method Details
#sanitized_allowed_attributes ⇒ Object
121 122 123 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 121 def sanitized_allowed_attributes white_list_sanitizer.allowed_attributes end |
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the sanitize
helper.
class Application < Rails::Application
config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
end
214 215 216 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 214 def sanitized_allowed_attributes=(attributes) HTML::WhiteListSanitizer.allowed_attributes.merge(attributes) end |
#sanitized_allowed_css_keywords ⇒ Object
129 130 131 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 129 def sanitized_allowed_css_keywords white_list_sanitizer.allowed_css_keywords end |
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the sanitize
and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_allowed_css_keywords = 'expression'
end
234 235 236 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 234 def sanitized_allowed_css_keywords=(attributes) HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes) end |
#sanitized_allowed_css_properties ⇒ Object
125 126 127 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 125 def sanitized_allowed_css_properties white_list_sanitizer.allowed_css_properties end |
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_allowed_css_properties = 'expression'
end
224 225 226 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 224 def sanitized_allowed_css_properties=(attributes) HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes) end |
#sanitized_allowed_protocols ⇒ Object
137 138 139 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 137 def sanitized_allowed_protocols white_list_sanitizer.allowed_protocols end |
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the sanitize
helper.
class Application < Rails::Application
config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
end
254 255 256 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 254 def sanitized_allowed_protocols=(attributes) HTML::WhiteListSanitizer.allowed_protocols.merge(attributes) end |
#sanitized_allowed_tags ⇒ Object
117 118 119 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 117 def white_list_sanitizer. end |
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the sanitize
helper.
class Application < Rails::Application
config.action_view. = 'table', 'tr', 'td'
end
204 205 206 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 204 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_bad_tags ⇒ Object
113 114 115 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 113 def white_list_sanitizer. end |
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the sanitize
helper.
class Application < Rails::Application
config.action_view. = 'embed', 'object'
end
194 195 196 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 194 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_protocol_separator ⇒ Object
105 106 107 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 105 def sanitized_protocol_separator white_list_sanitizer.protocol_separator end |
#sanitized_protocol_separator=(value) ⇒ Object
141 142 143 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 141 def sanitized_protocol_separator=(value) white_list_sanitizer.protocol_separator = value end |
#sanitized_shorthand_css_properties ⇒ Object
133 134 135 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 133 def sanitized_shorthand_css_properties white_list_sanitizer.shorthand_css_properties end |
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the sanitize
and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_shorthand_css_properties = 'expression'
end
244 245 246 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 244 def sanitized_shorthand_css_properties=(attributes) HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes) end |
#sanitized_uri_attributes ⇒ Object
109 110 111 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 109 def sanitized_uri_attributes white_list_sanitizer.uri_attributes end |
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the sanitize
helper checks for URIs.
class Application < Rails::Application
config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
end
184 185 186 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 184 def sanitized_uri_attributes=(attributes) HTML::WhiteListSanitizer.uri_attributes.merge(attributes) end |