Class: Gollum::Sanitization
- Inherits:
-
Object
- Object
- Gollum::Sanitization
- Defined in:
- lib/gollum-lib/sanitization.rb
Overview
Encapsulate sanitization options.
This class does not yet support all options of Sanitize library. See github.com/rgrove/sanitize/.
Constant Summary collapse
- ELEMENTS =
Default whitelisted elements.
[ 'a', 'abbr', 'acronym', 'address', 'area', 'b', 'big', 'blockquote', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'fieldset', 'font', 'form', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'input', 'ins', 'kbd', 'label', 'legend', 'li', 'map', 'mark', 'menu', 'ol', 'optgroup', 'option', 'p', 'pre', 'q', 's', 'samp', 'select', 'small', 'span', 'strike', 'strong', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'tr', 'tt', 'u', 'ul', 'var' ].freeze
- ATTRIBUTES =
Default whitelisted attributes.
{ 'a' => ['href'], 'img' => ['src'], :all => ['abbr', 'accept', 'accept-charset', 'accesskey', 'action', 'align', 'alt', 'axis', 'border', 'cellpadding', 'cellspacing', 'char', 'charoff', 'class', 'charset', 'checked', 'cite', 'clear', 'cols', 'colspan', 'color', 'compact', 'coords', 'datetime', 'dir', 'disabled', 'enctype', 'for', 'frame', 'headers', 'height', 'hreflang', 'hspace', 'id', 'ismap', 'label', 'lang', 'longdesc', 'maxlength', 'media', 'method', 'multiple', 'name', 'nohref', 'noshade', 'nowrap', 'prompt', 'readonly', 'rel', 'rev', 'rows', 'rowspan', 'rules', 'scope', 'selected', 'shape', 'size', 'span', 'start', 'summary', 'tabindex', 'target', 'title', 'type', 'usemap', 'valign', 'value', 'vspace', 'width'] }.freeze
- PROTOCOLS =
Default whitelisted protocols for URLs.
{ 'a' => { 'href' => ['http', 'https', 'mailto', 'ftp', 'irc', 'apt', :relative] }, 'img' => { 'src' => ['http', 'https', :relative] }, 'form' => { 'action' => ['http', 'https', :relative] } }.freeze
- ADD_ATTRIBUTES =
lambda do |env, node| if (add = env[:config][:add_attributes][node.name]) add.each do |key, value| node[key] = value end end end
- REMOVE_CONTENTS =
Default elements whose contents will be removed in addition to the elements themselve
[ 'script', 'style' ].freeze
- TRANSFORMERS =
Default transformers to force @id attributes with ‘wiki-’ prefix
lambda do |env| node = env[:node] return if env[:is_whitelisted] || !node.element? prefix = env[:config][:id_prefix] found_attrs = %w(id name).select do |key| if (value = node[key]) node[key] = value.gsub(/\A(#{prefix})?/, prefix) end end if found_attrs.size > 0 ADD_ATTRIBUTES.call(env, node) {} end end, lambda do |env| node = env[:node] return unless (value = node['href']) prefix = env[:config][:id_prefix] node['href'] = value.gsub(/\A\#(#{prefix})?/, '#'+prefix) ADD_ATTRIBUTES.call(env, node) {} end ].freeze
Instance Attribute Summary collapse
-
#add_attributes ⇒ Object
readonly
Gets a Hash describing HTML attributes that Sanitize should add.
-
#allow_comments ⇒ Object
writeonly
Sets a boolean determining whether Sanitize allows HTML comments in the output.
-
#attributes ⇒ Object
readonly
Gets a Hash describing which attributes are allowed in which HTML elements.
-
#elements ⇒ Object
readonly
Gets an Array of whitelisted HTML elements.
-
#id_prefix ⇒ Object
Gets or sets a String prefix which is added to ID attributes.
-
#protocols ⇒ Object
readonly
Gets a Hash describing which URI protocols are allowed in HTML attributes.
-
#remove_contents ⇒ Object
readonly
Gets an Array of element names whose contents will be removed in addition to the elements themselves.
-
#transformers ⇒ Object
readonly
Gets a Hash describing which URI protocols are allowed in HTML attributes.
Instance Method Summary collapse
-
#allow_comments? ⇒ Boolean
Determines if Sanitize should allow HTML comments.
-
#history_sanitization ⇒ Object
Modifies the current Sanitization instance to sanitize older revisions of pages.
-
#initialize {|_self| ... } ⇒ Sanitization
constructor
A new instance of Sanitization.
-
#to_hash ⇒ Object
Builds a Hash of options suitable for Sanitize.clean.
-
#to_sanitize ⇒ Object
Builds a Sanitize instance from the current options.
Constructor Details
#initialize {|_self| ... } ⇒ Sanitization
Returns a new instance of Sanitization.
124 125 126 127 128 129 130 131 132 133 134 |
# File 'lib/gollum-lib/sanitization.rb', line 124 def initialize @elements = ELEMENTS.dup @attributes = ATTRIBUTES.dup @protocols = PROTOCOLS.dup @transformers = TRANSFORMERS.dup @add_attributes = {} @remove_contents = REMOVE_CONTENTS.dup @allow_comments = false @id_prefix = '' yield self if block_given? end |
Instance Attribute Details
#add_attributes ⇒ Object (readonly)
Gets a Hash describing HTML attributes that Sanitize should add. Default: {}
114 115 116 |
# File 'lib/gollum-lib/sanitization.rb', line 114 def add_attributes @add_attributes end |
#allow_comments=(value) ⇒ Object (writeonly)
Sets a boolean determining whether Sanitize allows HTML comments in the output. Default: false.
122 123 124 |
# File 'lib/gollum-lib/sanitization.rb', line 122 def allow_comments=(value) @allow_comments = value end |
#attributes ⇒ Object (readonly)
Gets a Hash describing which attributes are allowed in which HTML elements. Default: ATTRIBUTES.
98 99 100 |
# File 'lib/gollum-lib/sanitization.rb', line 98 def attributes @attributes end |
#elements ⇒ Object (readonly)
Gets an Array of whitelisted HTML elements. Default: ELEMENTS.
94 95 96 |
# File 'lib/gollum-lib/sanitization.rb', line 94 def elements @elements end |
#id_prefix ⇒ Object
Gets or sets a String prefix which is added to ID attributes. Default: ”
110 111 112 |
# File 'lib/gollum-lib/sanitization.rb', line 110 def id_prefix @id_prefix end |
#protocols ⇒ Object (readonly)
Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: PROTOCOLS
102 103 104 |
# File 'lib/gollum-lib/sanitization.rb', line 102 def protocols @protocols end |
#remove_contents ⇒ Object (readonly)
Gets an Array of element names whose contents will be removed in addition to the elements themselves. Default: REMOVE_CONTENTS
118 119 120 |
# File 'lib/gollum-lib/sanitization.rb', line 118 def remove_contents @remove_contents end |
#transformers ⇒ Object (readonly)
Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: TRANSFORMERS
106 107 108 |
# File 'lib/gollum-lib/sanitization.rb', line 106 def transformers @transformers end |
Instance Method Details
#allow_comments? ⇒ Boolean
Determines if Sanitize should allow HTML comments.
Returns True if comments are allowed, or False.
139 140 141 |
# File 'lib/gollum-lib/sanitization.rb', line 139 def allow_comments? !!@allow_comments end |
#history_sanitization ⇒ Object
Modifies the current Sanitization instance to sanitize older revisions of pages.
Returns a Sanitization instance.
147 148 149 150 151 |
# File 'lib/gollum-lib/sanitization.rb', line 147 def history_sanitization self.class.new do |sanitize| sanitize.add_attributes['a'] = { 'rel' => 'nofollow' } end end |
#to_hash ⇒ Object
Builds a Hash of options suitable for Sanitize.clean.
Returns a Hash.
156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/gollum-lib/sanitization.rb', line 156 def to_hash { :elements => elements, :attributes => attributes, :protocols => protocols, :add_attributes => add_attributes, :remove_contents => remove_contents, :allow_comments => allow_comments?, :transformers => transformers, :id_prefix => id_prefix } end |
#to_sanitize ⇒ Object
Builds a Sanitize instance from the current options.
Returns a Sanitize instance.
171 172 173 |
# File 'lib/gollum-lib/sanitization.rb', line 171 def to_sanitize Sanitize.new(to_hash) end |