Class: Rails::HTML::PermitScrubber
- Inherits: Loofah::Scrubber
  - Object
  - Loofah::Scrubber
  - Rails::HTML::PermitScrubber
- Defined in: lib/rails/html/scrubbers.rb
Overview
Rails::HTML::PermitScrubber allows you to permit only your own tags and/or attributes.
Rails::HTML::PermitScrubber can be subclassed to determine:
- When a node should be skipped via skip_node?.
- When a node is allowed via allowed_node?.
- When an attribute should be scrubbed via scrub_attribute?.
Subclasses don’t need to worry about whether tags or attributes are set. If tags or attributes are not set, Loofah’s behavior will be used. If you override allowed_node? and no tags are set, it will not be called; Loofah’s behavior will be used instead. Likewise for scrub_attribute? and attributes respectively.
Text and CDATA nodes are skipped by default. Unallowed elements will be stripped, i.e. the element is removed but its subtree is kept. Supplied tags and attributes should be Enumerables.
tags=
If set, elements excluded will be stripped. If not, elements are stripped based on Loofah’s HTML5::Scrub.allowed_element?.
attributes=
If set, attributes excluded will be removed. If not, attributes are removed based on Loofah’s HTML5::Scrub.scrub_attributes.
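    class CommentScrubber < Rails::HTML::PermitScrubber
      def initialize
        super
        # tags is the list of permitted elements
        self.tags = %w(form script comment blockquote)
      end

      # Leave text nodes untouched
      def skip_node?(node)
        node.text?
      end

      # Remove only the style attribute
      def scrub_attribute?(name)
        name == "style"
      end
    end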
See the documentation for Nokogiri::XML::Node to understand what’s possible with nodes: nokogiri.org/rdoc/Nokogiri/XML/Node.html
Direct Known Subclasses
Instance Attribute Summary
- #attributes ⇒ Object
  Returns the value of attribute attributes.
- #prune ⇒ Object (readonly)
  Returns the value of attribute prune.
- #tags ⇒ Object
  Returns the value of attribute tags.
Instance Method Summary
- #initialize(prune: false) ⇒ PermitScrubber (constructor)
  A new instance of PermitScrubber.
- #scrub(node) ⇒ Object
Constructor Details
#initialize(prune: false) ⇒ PermitScrubber
Returns a new instance of PermitScrubber.
    # File 'lib/rails/html/scrubbers.rb', line 52
    def initialize(prune: false)
      @prune = prune
      @direction = @prune ? :top_down : :bottom_up
      @tags, @attributes = nil, nil
    end
Instance Attribute Details
#attributes ⇒ Object
Returns the value of attribute attributes.
    # File 'lib/rails/html/scrubbers.rb', line 50
    def attributes
      @attributes
    end
#prune ⇒ Object (readonly)
Returns the value of attribute prune.
    # File 'lib/rails/html/scrubbers.rb', line 50
    def prune
      @prune
    end
#tags ⇒ Object
Returns the value of attribute tags.
    # File 'lib/rails/html/scrubbers.rb', line 50
    def tags
      @tags
    end
Instance Method Details
#scrub(node) ⇒ Object
    # File 'lib/rails/html/scrubbers.rb', line 66
    def scrub(node)
      if Loofah::HTML5::Scrub.cdata_needs_escaping?(node)
        replacement = Loofah::HTML5::Scrub.cdata_escape(node)
        node.replace(replacement)
        return CONTINUE
      end
      return CONTINUE if skip_node?(node)

      unless (node.element? || node.comment?) && keep_node?(node)
        return STOP unless scrub_node(node) == CONTINUE
      end

      scrub_attributes(node)
      CONTINUE
    end