Module: ActionView::Helpers::SanitizeHelper::ClassMethods
- Defined in:
- lib/action_view/helpers/sanitize_helper.rb
Overview
:nodoc:
Instance Attribute Summary collapse
-
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by
strip_tags
. -
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by
strip_links
. -
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and
sanitize_css
.
Instance Method Summary collapse
- #sanitized_allowed_attributes ⇒ Object
-
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the
sanitize
helper. - #sanitized_allowed_css_keywords ⇒ Object
-
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the
sanitize
andsanitize_css
helpers. - #sanitized_allowed_css_properties ⇒ Object
-
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and
sanitize_css
helpers. - #sanitized_allowed_protocols ⇒ Object
-
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the
sanitize
helper. - #sanitized_allowed_tags ⇒ Object
-
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the
sanitize
helper. - #sanitized_bad_tags ⇒ Object
-
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the
sanitize
helper. - #sanitized_protocol_separator ⇒ Object
- #sanitized_protocol_separator=(value) ⇒ Object
- #sanitized_shorthand_css_properties ⇒ Object
-
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the
sanitize
andsanitize_css
helpers. - #sanitized_uri_attributes ⇒ Object
-
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the
sanitize
helper checks for URIs.
Instance Attribute Details
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by strip_tags
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.full_sanitizer = MySpecialSanitizer.new
end
148 149 150 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 148 def full_sanitizer @full_sanitizer ||= HTML::FullSanitizer.new end |
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by strip_links
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.link_sanitizer = MySpecialSanitizer.new
end
159 160 161 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 159 def link_sanitizer @link_sanitizer ||= HTML::LinkSanitizer.new end |
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css
. Replace with any object that responds to sanitize
.
class Application < Rails::Application
config.action_view.white_list_sanitizer = MySpecialSanitizer.new
end
170 171 172 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 170 def white_list_sanitizer @white_list_sanitizer ||= HTML::WhiteListSanitizer.new end |
Instance Method Details
#sanitized_allowed_attributes ⇒ Object
117 118 119 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 117 def sanitized_allowed_attributes white_list_sanitizer.allowed_attributes end |
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the sanitize
helper.
class Application < Rails::Application
config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc']
end
210 211 212 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 210 def sanitized_allowed_attributes=(attributes) HTML::WhiteListSanitizer.allowed_attributes.merge(attributes) end |
#sanitized_allowed_css_keywords ⇒ Object
125 126 127 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 125 def sanitized_allowed_css_keywords white_list_sanitizer.allowed_css_keywords end |
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the sanitize
and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_allowed_css_keywords = 'expression'
end
230 231 232 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 230 def sanitized_allowed_css_keywords=(attributes) HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes) end |
#sanitized_allowed_css_properties ⇒ Object
121 122 123 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 121 def sanitized_allowed_css_properties white_list_sanitizer.allowed_css_properties end |
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_allowed_css_properties = 'expression'
end
220 221 222 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 220 def sanitized_allowed_css_properties=(attributes) HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes) end |
#sanitized_allowed_protocols ⇒ Object
133 134 135 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 133 def sanitized_allowed_protocols white_list_sanitizer.allowed_protocols end |
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the sanitize
helper.
class Application < Rails::Application
config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
end
250 251 252 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 250 def sanitized_allowed_protocols=(attributes) HTML::WhiteListSanitizer.allowed_protocols.merge(attributes) end |
#sanitized_allowed_tags ⇒ Object
113 114 115 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 113 def white_list_sanitizer. end |
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the sanitize
helper.
class Application < Rails::Application
config.action_view. = 'table', 'tr', 'td'
end
200 201 202 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 200 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_bad_tags ⇒ Object
109 110 111 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 109 def white_list_sanitizer. end |
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the sanitize
helper.
class Application < Rails::Application
config.action_view. = 'embed', 'object'
end
190 191 192 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 190 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_protocol_separator ⇒ Object
101 102 103 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 101 def sanitized_protocol_separator white_list_sanitizer.protocol_separator end |
#sanitized_protocol_separator=(value) ⇒ Object
137 138 139 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 137 def sanitized_protocol_separator=(value) white_list_sanitizer.protocol_separator = value end |
#sanitized_shorthand_css_properties ⇒ Object
129 130 131 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 129 def sanitized_shorthand_css_properties white_list_sanitizer.shorthand_css_properties end |
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the sanitize
and sanitize_css
helpers.
class Application < Rails::Application
config.action_view.sanitized_shorthand_css_properties = 'expression'
end
240 241 242 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 240 def sanitized_shorthand_css_properties=(attributes) HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes) end |
#sanitized_uri_attributes ⇒ Object
105 106 107 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 105 def sanitized_uri_attributes white_list_sanitizer.uri_attributes end |
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the sanitize
helper checks for URIs.
class Application < Rails::Application
config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
end
180 181 182 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 180 def sanitized_uri_attributes=(attributes) HTML::WhiteListSanitizer.uri_attributes.merge(attributes) end |