Class: Decidim::UserInputScrubber

Inherits:
Rails::Html::PermitScrubber
  • Object
Defined in:
app/scrubbers/decidim/user_input_scrubber.rb

Overview

Use this class as a scrubber to sanitize user input. The default scrubber provided by Rails does not allow `iframe`s, and we're using them to embed videos, so we need to provide a whole new scrubber.

Example:

sanitize(@page.body, scrubber: Decidim::UserInputScrubber.new)

Lists of default tags and attributes are extracted from stackoverflow.com/a/35073814/2110884.
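
Because this scrubber permits `iframe`, and a tag and attribute allowlist says nothing about which host an iframe's `src` loads, a deployment may want a separate check on embed URLs. The following is an added example, not Decidim's code; the host list and the `embed_src_verdict` and `allowed_embed_src?` helpers are assumptions made for illustration.

```ruby
require "uri"

# Assumed allowlist of video embed hosts; not taken from Decidim.
ALLOWED_EMBED_HOSTS = %w[www.youtube.com player.vimeo.com].freeze

# Classifies an iframe src value. Returns :ok only for an absolute https URL
# without credentials whose host is exactly on the allowlist; otherwise
# returns a symbol naming the reason, which is convenient for logging.
def embed_src_verdict(src, hosts = ALLOWED_EMBED_HOSTS)
  uri = URI.parse(src.to_s.strip)
  # URI::HTTPS excludes http:, javascript:, data:, relative and //host forms.
  return :not_https unless uri.is_a?(URI::HTTPS)
  # "https://www.youtube.com@other.example/" has host other.example.
  return :credentials if uri.userinfo
  # Exact match only: "www.youtube.com.other.example" must not pass.
  return :host_not_allowed unless hosts.include?(uri.host.to_s.downcase)

  :ok
rescue URI::InvalidURIError
  :invalid
end

# Boolean form for use as a guard before rendering or saving content.
def allowed_embed_src?(src, hosts = ALLOWED_EMBED_HOSTS)
  embed_src_verdict(src, hosts) == :ok
end

# Constructed sample values, for illustration only.
if __FILE__ == $PROGRAM_NAME
  [
    "https://www.youtube.com/embed/abc123",
    "http://www.youtube.com/embed/abc123",
    "//player.vimeo.com/video/1",
    "https://www.youtube.com@other.example/x",
    "https://www.youtube.com.other.example/x",
    "https://www.youtube.com/embed/a b"
  ].each { |s| puts format("%-18s %s", embed_src_verdict(s), s) }
end
```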

Instance Method Summary

Constructor Details

#initialize ⇒ UserInputScrubber

Returns a new instance of UserInputScrubber.



# File 'app/scrubbers/decidim/user_input_scrubber.rb', line 15

def initialize
  super
  self.tags = custom_allowed_tags
  self.attributes = custom_allowed_attributes
end