Class: Dandruff::Sanitizer

Inherits:

Object

• Object
• Dandruff::Sanitizer

Defined in:

lib/dandruff.rb

Overview

Main sanitizer class handling HTML sanitization logic

This class manages the core sanitization process, configuration, and hooks. It parses HTML, removes dangerous elements and attributes, and serializes the result.

Constant Summary

MATH_SVG_TAGS =

%w[math svg].freeze

Instance Attribute Summary

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #hooks ⇒ Object readonly

  Returns the value of attribute hooks.

• #removed ⇒ Object readonly

  Returns the value of attribute removed.

Instance Method Summary

• #add_hook(entry_point, &hook_function) ⇒ Object

  Hook management.

• #clear_config ⇒ Object

  Clears current configuration, resetting to defaults.

• #configure {|config| ... } ⇒ Sanitizer

  Configures the sanitizer with a block.

• #initialize(config = nil) {|config| ... } ⇒ Sanitizer constructor

  Initializes a new sanitizer instance.

• #remove_all_hooks ⇒ Object
• #remove_hook(entry_point, hook_function = nil) ⇒ Object
• #remove_hooks(entry_point) ⇒ Object
• #sanitize(dirty, cfg = {}) ⇒ String, Nokogiri::XML::Document (also: #scrub)

  Main sanitization method.

• #set_config(cfg = {}) ⇒ Object

  Sets configuration for the sanitizer.

• #supported? ⇒ Boolean

  Checks if the current environment supports Dandruff functionality.

Constructor Details

#initialize(config = nil) {|config| ... } ⇒ Sanitizer

Initializes a new sanitizer instance

Parameters:

• config (Config) (defaults to: nil) —

  optional configuration object

Yields:

• (config) —

  optional block to configure instance config

# File 'lib/dandruff.rb', line 99

def initialize(config = nil)
  @removed = []
  @config = build_config(config)
  @hooks = create_hooks_map
  @is_supported = check_support
  yield(@config) if block_given?
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/dandruff.rb', line 93

def config
  @config
end

#hooks ⇒ Object (readonly)

Returns the value of attribute hooks.

# File 'lib/dandruff.rb', line 93

def hooks
  @hooks
end

#removed ⇒ Object (readonly)

Returns the value of attribute removed.

# File 'lib/dandruff.rb', line 93

def removed
  @removed
end

Instance Method Details

#add_hook(entry_point, &hook_function) ⇒ Object

Hook management

# File 'lib/dandruff.rb', line 108

def add_hook(entry_point, &hook_function)
  return unless hook_function.is_a?(Proc)

  @hooks[entry_point] ||= []
  @hooks[entry_point] << hook_function
end

#clear_config ⇒ Object

Clears current configuration, resetting to defaults

# File 'lib/dandruff.rb', line 161

def clear_config
  @config = parse_config({})
end

#configure {|config| ... } ⇒ Sanitizer

Configures the sanitizer with a block

Yields:

• (config) —

  the configuration object to modify

Returns:

• (Sanitizer) —

  the sanitizer instance

# File 'lib/dandruff.rb', line 155

def configure
  yield(@config) if block_given?
  self
end

#remove_all_hooks ⇒ Object

# File 'lib/dandruff.rb', line 133

def remove_all_hooks
  @hooks = create_hooks_map
end

#remove_hook(entry_point, hook_function = nil) ⇒ Object

# File 'lib/dandruff.rb', line 115

def remove_hook(entry_point, hook_function = nil)
  arr = @hooks[entry_point]
  return nil unless arr

  if hook_function
    idx = arr.rindex(hook_function)
    return nil unless idx

    arr.delete_at(idx)
  else
    arr.pop
  end
end

#remove_hooks(entry_point) ⇒ Object

# File 'lib/dandruff.rb', line 129

def remove_hooks(entry_point)
  @hooks[entry_point] = []
end

#sanitize(dirty, cfg = {}) ⇒ String, Nokogiri::XML::Document Also known as: scrub

Main sanitization method

Parses the input HTML, sanitizes elements and attributes, and returns clean HTML.

Parameters:

• dirty (String, Nokogiri::XML::Node) —

  the input to sanitize

• cfg (Hash) (defaults to: {}) —

  optional configuration override

Returns:

• (String, Nokogiri::XML::Document) —

  sanitized HTML or DOM

# File 'lib/dandruff.rb', line 172

def sanitize(dirty, cfg = {})
  return dirty unless supported?

  cfg.empty? ? ensure_config : set_config(cfg)
  @removed = []
  return '' if dirty.nil?

  # Handle empty strings - still process through DOM if return_dom is enabled
  if dirty.to_s.strip.empty?
    if @config.return_dom
      return parse_html('')
    elsif @config.return_dom_fragment
      return Nokogiri::HTML5::DocumentFragment.parse('')
    else
      return dirty.to_s
    end
  end

  dirty = dirty.to_s unless dirty.is_a?(String)
  doc = parse_html(dirty)
  sanitize_document(doc)
  output = serialize_html(doc)

  output = resanitize_until_stable(output) if @config.sanitize_until_stable

  if @config.return_dom
    return parse_html(output)
  elsif @config.return_dom_fragment
    return Nokogiri::HTML5::DocumentFragment.parse(output)
  end

  output
end

#set_config(cfg = {}) ⇒ Object

Sets configuration for the sanitizer

Parameters:

• cfg (Hash) (defaults to: {}) —

  configuration options

# File 'lib/dandruff.rb', line 147

def set_config(cfg = {})
  @config = parse_config(cfg)
end

#supported? ⇒ Boolean

Checks if the current environment supports Dandruff functionality

Returns:

• (Boolean) —

  true if Nokogiri is available, false otherwise

# File 'lib/dandruff.rb', line 140

def supported?
  @is_supported
end