Module: ActionView::Helpers::SanitizeHelper::ClassMethods
- Defined in:
- lib/action_view/helpers/sanitize_helper.rb
Overview
:nodoc:
Class Method Summary collapse
Instance Method Summary collapse
-
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by
strip_tags
. -
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by
strip_links
. -
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the
sanitize
helper. -
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the
sanitize
andsanitize_css
helpers. -
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and
sanitize_css
heleprs. -
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the
sanitize
helper. -
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the
sanitize
helper. -
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the
sanitize
helper. -
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the
sanitize
andsanitize_css
helpers. -
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the
sanitize
helper checks for URIs. -
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and
sanitize_css
.
Class Method Details
.extended(base) ⇒ Object
99 100 101 102 103 104 105 106 107 108 109 110 111 112 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 99 def self.extended(base) class << base attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer # we want these to be class methods on ActionView::Base, they'll get mattr_readers for these below. helper_def = [:sanitized_protocol_separator, :sanitized_uri_attributes, :sanitized_bad_tags, :sanitized_allowed_tags, :sanitized_allowed_attributes, :sanitized_allowed_css_properties, :sanitized_allowed_css_keywords, :sanitized_shorthand_css_properties, :sanitized_allowed_protocols, :sanitized_protocol_separator=].collect! do |prop| prop = prop.to_s "def #{prop}(#{:value if prop =~ /=$/}) white_list_sanitizer.#{prop.sub /sanitized_/, ''} #{:value if prop =~ /=$/} end" end.join("\n") eval helper_def end end |
Instance Method Details
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by strip_tags
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.full_sanitizer = MySpecialSanitizer.new
end
121 122 123 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 121 def full_sanitizer @full_sanitizer ||= HTML::FullSanitizer.new end |
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by strip_links
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.link_sanitizer = MySpecialSanitizer.new
end
132 133 134 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 132 def link_sanitizer @link_sanitizer ||= HTML::LinkSanitizer.new end |
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
end
183 184 185 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 183 def sanitized_allowed_attributes=(attributes) HTML::WhiteListSanitizer.allowed_attributes.merge(attributes) end |
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the sanitize
and sanitize_css
helpers.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_css_keywords = 'expression'
end
203 204 205 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 203 def sanitized_allowed_css_keywords=(attributes) HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes) end |
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and sanitize_css
heleprs.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_css_properties = 'expression'
end
193 194 195 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 193 def sanitized_allowed_css_properties=(attributes) HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes) end |
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
end
223 224 225 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 223 def sanitized_allowed_protocols=(attributes) HTML::WhiteListSanitizer.allowed_protocols.merge(attributes) end |
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view. = 'table', 'tr', 'td'
end
173 174 175 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 173 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the sanitize
helper.
Rails::Initializer.run do |config|
config.action_view. = 'embed', 'object'
end
163 164 165 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 163 def (attributes) HTML::WhiteListSanitizer..merge(attributes) end |
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the sanitize
and sanitize_css
helpers.
Rails::Initializer.run do |config|
config.action_view.sanitized_shorthand_css_properties = 'expression'
end
213 214 215 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 213 def sanitized_shorthand_css_properties=(attributes) HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes) end |
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the sanitize
helper checks for URIs.
Rails::Initializer.run do |config|
config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
end
153 154 155 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 153 def sanitized_uri_attributes=(attributes) HTML::WhiteListSanitizer.uri_attributes.merge(attributes) end |
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css
. Replace with any object that responds to sanitize
.
Rails::Initializer.run do |config|
config.action_view.white_list_sanitizer = MySpecialSanitizer.new
end
143 144 145 |
# File 'lib/action_view/helpers/sanitize_helper.rb', line 143 def white_list_sanitizer @white_list_sanitizer ||= HTML::WhiteListSanitizer.new end |