Class: Sanitize::CSS

Inherits:
Object
  • Object
show all
Defined in:
lib/sanitize/css.rb

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config = {}) ⇒ CSS

Returns a new Sanitize::CSS object initialized with the settings in config.



77
78
79
80
81
82
83
84
# File 'lib/sanitize/css.rb', line 77

def initialize(config = {})
  @config = Config.merge(Config::DEFAULT[:css], config[:css] || config)

  @at_rules                 = Set.new(@config[:at_rules])
  @at_rules_with_properties = Set.new(@config[:at_rules_with_properties])
  @at_rules_with_styles     = Set.new(@config[:at_rules_with_styles])
  @import_url_validator     = @config[:import_url_validator]
end

Instance Attribute Details

#configObject (readonly)

Returns the value of attribute config.



7
8
9
# File 'lib/sanitize/css.rb', line 7

def config
  @config
end

Class Method Details

.properties(css, config = {}) ⇒ String

Sanitizes inline CSS style properties.

This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the ‘style` attribute of an HTML element. To sanitize a full CSS stylesheet, use stylesheet.

Examples:

Sanitize::CSS.properties("background: url(foo.png); color: #fff;")

Returns:

  • (String)

    Sanitized CSS properties.



21
22
23
# File 'lib/sanitize/css.rb', line 21

def self.properties(css, config = {})
  self.new(config).properties(css)
end

.stylesheet(css, config = {}) ⇒ String

Sanitizes a full CSS stylesheet.

A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML ‘style` attribute, use properties.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

Sanitize::CSS.stylesheet(css, Sanitize::Config::RELAXED)

Returns:

  • (String)

    Sanitized CSS stylesheet.



46
47
48
# File 'lib/sanitize/css.rb', line 46

def self.stylesheet(css, config = {})
  self.new(config).stylesheet(css)
end

.tree!(tree, config = {}) ⇒ Array

Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

tree = Crass.parse(css)
Sanitize::CSS.tree!(tree, Sanitize::Config::RELAXED)

Returns:

  • (Array)

    Sanitized Crass CSS parse tree.



69
70
71
# File 'lib/sanitize/css.rb', line 69

def self.tree!(tree, config = {})
  self.new(config).tree!(tree)
end

Instance Method Details

#properties(css) ⇒ String

Sanitizes inline CSS style properties.

This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the ‘style` attribute of an HTML element. To sanitize a full CSS stylesheet, use #stylesheet.

Examples:

scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
scss.properties("background: url(foo.png); color: #fff;")

Returns:

  • (String)

    Sanitized CSS properties.



97
98
99
100
101
102
103
104
# File 'lib/sanitize/css.rb', line 97

def properties(css)
  tree = Crass.parse_properties(css,
    :preserve_comments => @config[:allow_comments],
    :preserve_hacks    => @config[:allow_hacks])

  tree!(tree)
  Crass::Parser.stringify(tree)
end

#stylesheet(css) ⇒ String

Sanitizes a full CSS stylesheet.

A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML ‘style` attribute, use #properties.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
scss.stylesheet(css)

Returns:

  • (String)

    Sanitized CSS stylesheet.



128
129
130
131
132
133
134
135
# File 'lib/sanitize/css.rb', line 128

def stylesheet(css)
  tree = Crass.parse(css,
    :preserve_comments => @config[:allow_comments],
    :preserve_hacks    => @config[:allow_hacks])

  tree!(tree)
  Crass::Parser.stringify(tree)
end

#tree!(tree) ⇒ Array

Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
tree = Crass.parse(css)

scss.tree!(tree)

Returns:

  • (Array)

    Sanitized Crass CSS parse tree.



158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# File 'lib/sanitize/css.rb', line 158

def tree!(tree)
  preceded_by_property = false

  tree.map! do |node|
    next nil if node.nil?

    case node[:node]
    when :at_rule
      preceded_by_property = false
      next at_rule!(node)

    when :comment
      next node if @config[:allow_comments]

    when :property
      prop = property!(node)
      preceded_by_property = !prop.nil?
      next prop

    when :semicolon
      # Only preserve the semicolon if it was preceded by an allowlisted
      # property. Otherwise, omit it in order to prevent redundant semicolons.
      if preceded_by_property
        preceded_by_property = false
        next node
      end

    when :style_rule
      preceded_by_property = false
      tree!(node[:children])
      next node

    when :whitespace
      next node
    end

    nil
  end

  tree
end