Module: Rails::HTML::Concern::Scrubber::SafeList
- Defined in:
- lib/rails/html/sanitizer.rb
Constant Summary
# The default safe list for tags.
#
# Only these element names survive PermitScrubber when a caller does not
# supply its own tag list.  The set is deliberately inert markup: no
# <script>, <style>, <iframe>, <object>, <form>, <svg> or <math>, and none of
# the embed/media elements.  Widening it (e.g. adding "style", "iframe" or
# "svg") reopens XSS vectors this list exists to close, so treat any addition
# as a security change and review it as such.
#
# Frozen so the shared default cannot be mutated; the including class gets
# its own unfrozen copy (see .included).
DEFAULT_ALLOWED_TAGS = Set.new(%w[
  a abbr acronym address b big blockquote br cite code dd del dfn div dl dt
  em h1 h2 h3 h4 h5 h6 hr i img ins kbd li ol p pre samp small span strong
  sub sup time tt ul var
]).freeze
# The default safe list for attributes.
#
# Attribute names that PermitScrubber keeps when a caller does not supply its
# own attribute list.  No event handlers (on*), no "style" and no "id" are
# permitted.  Caveats a reviewer should keep in mind:
#   * "href" and "src" are allowed by name only; rejection of dangerous URL
#     schemes (javascript:, data:) is not expressed by this list and must be
#     done by the scrubber that applies it — verify in PermitScrubber/Loofah.
#   * "name" and "class" let sanitized markup inject anchor names and CSS
#     class names into the host page (DOM clobbering and styling collisions
#     are the usual consequence); drop them if the consumer does not need
#     them.
#
# Frozen; the including class receives its own unfrozen copy (see .included).
DEFAULT_ALLOWED_ATTRIBUTES = Set.new(%w[
  abbr alt cite class datetime height href lang name src title width xml:lang
]).freeze
Class Method Summary
Instance Method Summary
- #initialize(prune: false) ⇒ Object
- #sanitize_css(style_string) ⇒ Object
- #scrub(fragment, options = {}) ⇒ Object
Class Method Details
.included(klass) ⇒ Object
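# File 'lib/rails/html/sanitizer.rb', line 141
# Hook run when this concern is mixed into a sanitizer class: gives the
# including class its own +allowed_tags+ / +allowed_attributes+ class-level
# accessors, seeded with copies of the module defaults.
#
# NOTE: the rendered listing dropped the accessor name on the first
# assignment (`klass. = DEFAULT_ALLOWED_TAGS.dup`); it is restored as
# +allowed_tags+ by symmetry with the +allowed_attributes+ line and the
# attr_accessor declared just above.
#
# @param klass [Class] the class that included this module
# @return [Set] the duplicated default attribute set (last expression; the
#   return value is not meaningful to callers)
def self.included(klass)
  class << klass
    attr_accessor :allowed_tags
    attr_accessor :allowed_attributes
  end
  # `.dup` gives each including class its own copy, so mutating one class's
  # safe list cannot alter the frozen module-level defaults.  Ruby's dup does
  # not carry the frozen flag across, so these copies ARE mutable: any
  # `allowed_tags << "x"` done at runtime widens the XSS surface for every
  # subsequent sanitize call on that class.
  klass.allowed_tags = DEFAULT_ALLOWED_TAGS.dup
  klass.allowed_attributes = DEFAULT_ALLOWED_ATTRIBUTES.dup
end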
Instance Method Details
#initialize(prune: false) ⇒ Object
# File 'lib/rails/html/sanitizer.rb', line 151
# Builds the single PermitScrubber this sanitizer instance reuses for every
# #scrub call that goes through the safe list.
#
# @param prune [Boolean] forwarded to PermitScrubber.new as +prune:+; what it
#   controls is defined in PermitScrubber, not in this listing
# @return [PermitScrubber] the scrubber stored in +@permit_scrubber+
def initialize(prune: false)
  permit = PermitScrubber.new(prune: prune)
  @permit_scrubber = permit
end
#sanitize_css(style_string) ⇒ Object
# File 'lib/rails/html/sanitizer.rb', line 168
# Sanitizes a CSS declaration string by delegating to Loofah's HTML5 CSS
# scrubber.  Note that "style" is not in DEFAULT_ALLOWED_ATTRIBUTES, so
# inline styles only reach a caller of this method if the attribute list has
# been widened to allow them.
#
# @param style_string [String] the raw value of a style attribute
# @return [String] whatever Loofah::HTML5::Scrub.scrub_css returns for it
def sanitize_css(style_string)
  css_scrubber = Loofah::HTML5::Scrub
  css_scrubber.scrub_css(style_string)
end
#scrub(fragment, options = {}) ⇒ Object
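# File 'lib/rails/html/sanitizer.rb', line 155
# Scrubs +fragment+ in place, picking the scrubber from +options+:
#
# 1. +options[:scrubber]+ — a caller-supplied scrubber is used as-is and the
#    safe list is bypassed entirely; the caller owns the security of that
#    scrubber.
# 2. a tag and/or attribute list, as resolved by +allowed_tags(options)+ /
#    +allowed_attributes(options)+ (defined outside this listing) — the
#    shared PermitScrubber is configured with them and run.
# 3. otherwise — Loofah's +:strip+ scrubber.
#
# NOTE: the rendered listing dropped several tokens in this method
# (+options+ in the signature and lookups, +allowed_tags+, and the writer
# paired with +attributes=+).  They are restored from the signature shown in
# the method summary and by symmetry with the surviving
# +allowed_attributes+ / +attributes=+ lines; verify the +tags=+ writer name
# against PermitScrubber.
#
# Caveats:
# * +@permit_scrubber+ is one object per sanitizer instance and is
#   reconfigured on every call, so concurrent #scrub calls on a shared
#   instance with different options race on its tag/attribute lists.
# * If only one of the two lists is given, the other is set to whatever its
#   helper returns (possibly nil); how PermitScrubber treats a nil list is
#   not visible here.
#
# @param fragment [Loofah::DocumentFragment] parsed HTML to scrub (mutated)
# @param options [Hash] +:scrubber+, or the keys consulted by the
#   allowed_tags/allowed_attributes helpers
# @return the result of +fragment.scrub!+
def scrub(fragment, options = {})
  custom_scrubber = options[:scrubber]
  if custom_scrubber
    # No duck typing, Loofah ensures subclass of Loofah::Scrubber
    fragment.scrub!(custom_scrubber)
  elsif allowed_tags(options) || allowed_attributes(options)
    @permit_scrubber.tags = allowed_tags(options)
    @permit_scrubber.attributes = allowed_attributes(options)
    fragment.scrub!(@permit_scrubber)
  else
    fragment.scrub!(:strip)
  end
end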