Class: Sanitize::CSS
- Inherits: Object
- Defined in: lib/sanitize/css.rb
Instance Attribute Summary
- #config ⇒ Object (readonly)
  Returns the value of attribute config.
Class Method Summary
- .properties(css, config = {}) ⇒ String
  Sanitizes inline CSS style properties.
- .stylesheet(css, config = {}) ⇒ String
  Sanitizes a full CSS stylesheet.
- .tree!(tree, config = {}) ⇒ Array
  Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.
Instance Method Summary
- #initialize(config = {}) ⇒ CSS (constructor)
  Returns a new Sanitize::CSS object initialized with the settings in config.
- #properties(css) ⇒ String
  Sanitizes inline CSS style properties.
- #stylesheet(css) ⇒ String
  Sanitizes a full CSS stylesheet.
- #tree!(tree) ⇒ Array
  Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.
Constructor Details
#initialize(config = {}) ⇒ CSS
Returns a new Sanitize::CSS object initialized with the settings in config.
# File 'lib/sanitize/css.rb', line 77

def initialize(config = {})
  @config = Config.merge(Config::DEFAULT[:css], config[:css] || config)

  @at_rules = Set.new(@config[:at_rules])
  @at_rules_with_properties = Set.new(@config[:at_rules_with_properties])
  @at_rules_with_styles = Set.new(@config[:at_rules_with_styles])
  @import_url_validator = @config[:import_url_validator]
end
Instance Attribute Details
#config ⇒ Object (readonly)
Returns the value of attribute config.
# File 'lib/sanitize/css.rb', line 7

def config
  @config
end
Class Method Details
.properties(css, config = {}) ⇒ String
Sanitizes inline CSS style properties.
This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the `style` attribute of an HTML element. To sanitize a full CSS stylesheet, use stylesheet.

# File 'lib/sanitize/css.rb', line 21

def self.properties(css, config = {})
  self.new(config).properties(css)
end
.stylesheet(css, config = {}) ⇒ String
Sanitizes a full CSS stylesheet.
A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML `style` attribute, use properties.

# File 'lib/sanitize/css.rb', line 46

def self.stylesheet(css, config = {})
  self.new(config).stylesheet(css)
end
.tree!(tree, config = {}) ⇒ Array
Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.
# File 'lib/sanitize/css.rb', line 69

def self.tree!(tree, config = {})
  self.new(config).tree!(tree)
end
Instance Method Details
#properties(css) ⇒ String
Sanitizes inline CSS style properties.
This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the `style` attribute of an HTML element. To sanitize a full CSS stylesheet, use #stylesheet.

# File 'lib/sanitize/css.rb', line 97

def properties(css)
  tree = Crass.parse_properties(css,
    :preserve_comments => @config[:allow_comments],
    :preserve_hacks => @config[:allow_hacks])

  tree!(tree)
  Crass::Parser.stringify(tree)
end
#stylesheet(css) ⇒ String
Sanitizes a full CSS stylesheet.
A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML `style` attribute, use #properties.

# File 'lib/sanitize/css.rb', line 128

def stylesheet(css)
  tree = Crass.parse(css,
    :preserve_comments => @config[:allow_comments],
    :preserve_hacks => @config[:allow_hacks])

  tree!(tree)
  Crass::Parser.stringify(tree)
end
#tree!(tree) ⇒ Array
Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.
# File 'lib/sanitize/css.rb', line 158

def tree!(tree)
  preceded_by_property = false

  tree.map! do |node|
    next nil if node.nil?

    case node[:node]
    when :at_rule
      preceded_by_property = false
      next at_rule!(node)

    when :comment
      next node if @config[:allow_comments]

    when :property
      prop = property!(node)
      preceded_by_property = !prop.nil?
      next prop

    when :semicolon
      # Only preserve the semicolon if it was preceded by an allowlisted
      # property. Otherwise, omit it in order to prevent redundant semicolons.
      if preceded_by_property
        preceded_by_property = false
        next node
      end

    when :style_rule
      preceded_by_property = false
      tree!(node[:children])
      next node

    when :whitespace
      next node
    end

    nil
  end

  tree
end