Class: Sanitize::CSS

Inherits:
Object
  • Object
Defined in:
lib/sanitize/css.rb


Constructor Details

#initialize(config = {}) ⇒ CSS

Returns a new Sanitize::CSS object initialized with the settings in config.



# File 'lib/sanitize/css.rb', line 78

# Builds a CSS sanitizer from the given settings.
#
# +config+ may be a CSS-only settings hash, or a larger hash that keeps those
# settings under a +:css+ key; when +config[:css]+ is truthy only that
# sub-hash is used. The chosen hash is merged with Config::DEFAULT[:css].
#
# @param config [Hash] CSS settings, or a hash holding them under +:css+
def initialize(config = {})
  css_settings = config[:css] || config
  @config = Config.merge(Config::DEFAULT[:css], css_settings)

  # Copy the three at-rule lists into Sets once, at construction time.
  # NOTE(review): these look like the allowlists consulted when at-rules are
  # sanitized; the code that reads them is not part of this listing.
  @at_rules, @at_rules_with_properties, @at_rules_with_styles =
    %i[at_rules at_rules_with_properties at_rules_with_styles].map do |key|
      Set.new(@config[key])
    end

  # NOTE(review): presumably a callable that vets @import URLs; confirm
  # against the code that invokes it.
  @import_url_validator = @config[:import_url_validator]
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.



# File 'lib/sanitize/css.rb', line 8

# Read-only accessor for the settings stored in @config by the constructor.
#
# The sanitizer reads options such as :allow_comments from this same object
# at call time.
# NOTE(review): whether the returned object is frozen depends on
# Config.merge, which is not shown here; confirm before handing it to code
# that might mutate it.
#
# @return [Object] the value of @config
def config
  @config
end

Class Method Details

.properties(css, config = {}) ⇒ String

Sanitizes inline CSS style properties.

This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the `style` attribute of an HTML element. To sanitize a full CSS stylesheet, use .stylesheet.

Examples:

# No config is passed, so the constructor merges an empty hash with
# Config::DEFAULT[:css]; check what that default permits before relying on it.
Sanitize::CSS.properties("background: url(foo.png); color: #fff;")


# File 'lib/sanitize/css.rb', line 22

# Convenience wrapper: builds a sanitizer from +config+ and delegates to its
# #properties method.
#
# @param css [String] inline CSS property text to sanitize
# @param config [Hash] settings passed unchanged to the constructor
# @return [String] whatever the instance-level #properties returns
def self.properties(css, config = {})
  sanitizer = new(config)
  sanitizer.properties(css)
end

.stylesheet(css, config = {}) ⇒ String

Sanitizes a full CSS stylesheet.

A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML `style` attribute, use .properties.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

# When the config passed in has a :css key (as a full Sanitize config
# presumably does), the constructor uses only that section.
Sanitize::CSS.stylesheet(css, Sanitize::Config::RELAXED)


# File 'lib/sanitize/css.rb', line 47

# Convenience wrapper: builds a sanitizer from +config+ and delegates to its
# #stylesheet method.
#
# @param css [String] full stylesheet text to sanitize
# @param config [Hash] settings passed unchanged to the constructor
# @return [String] whatever the instance-level #stylesheet returns
def self.stylesheet(css, config = {})
  sanitizer = new(config)
  sanitizer.stylesheet(css)
end

.tree!(tree, config = {}) ⇒ Array

Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

# Crass.parse is called here without the preserve_comments / preserve_hacks
# options that .stylesheet's instance counterpart passes.
tree = Crass.parse(css)
# tree! edits `tree` in place and returns it; pass the result to
# Crass::Parser.stringify to get CSS text back.
Sanitize::CSS.tree!(tree, Sanitize::Config::RELAXED)


# File 'lib/sanitize/css.rb', line 70

# Convenience wrapper: builds a sanitizer from +config+ and delegates to its
# #tree! method, which modifies +tree+ in place.
#
# @param tree [Array] Crass parse tree to sanitize
# @param config [Hash] settings passed unchanged to the constructor
# @return [Array] whatever the instance-level #tree! returns
def self.tree!(tree, config = {})
  sanitizer = new(config)
  sanitizer.tree!(tree)
end

Instance Method Details

#properties(css) ⇒ String

Sanitizes inline CSS style properties.

This is most useful for sanitizing non-stylesheet fragments of CSS like you would find in the `style` attribute of an HTML element. To sanitize a full CSS stylesheet, use #stylesheet.

Examples:

# Build the sanitizer once: the config is merged in the constructor, not on
# each #properties call.
scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
scss.properties("background: url(foo.png); color: #fff;")


# File 'lib/sanitize/css.rb', line 98

# Parses +css+ as a list of properties, sanitizes the resulting tree in
# place with #tree!, and serializes it back to a string.
#
# The :allow_comments and :allow_hacks settings are forwarded to the parser
# as +preserve_comments+ and +preserve_hacks+.
#
# @param css [String] inline CSS property text
# @return [String] the result of Crass::Parser.stringify on the sanitized tree
def properties(css)
  parser_options = {
    preserve_comments: @config[:allow_comments],
    preserve_hacks: @config[:allow_hacks]
  }
  nodes = Crass.parse_properties(css, **parser_options)

  tree!(nodes)
  Crass::Parser.stringify(nodes)
end

#stylesheet(css) ⇒ String

Sanitizes a full CSS stylesheet.

A stylesheet may include selectors, at-rules, and comments. To sanitize only inline style properties such as the contents of an HTML `style` attribute, use #properties.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

# Build the sanitizer once: the config is merged in the constructor, not on
# each #stylesheet call.
scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
scss.stylesheet(css)


# File 'lib/sanitize/css.rb', line 129

# Parses +css+ as a full stylesheet, sanitizes the resulting tree in place
# with #tree!, and serializes it back to a string.
#
# The :allow_comments and :allow_hacks settings are forwarded to the parser
# as +preserve_comments+ and +preserve_hacks+.
#
# @param css [String] stylesheet text
# @return [String] the result of Crass::Parser.stringify on the sanitized tree
def stylesheet(css)
  parser_options = {
    preserve_comments: @config[:allow_comments],
    preserve_hacks: @config[:allow_hacks]
  }
  nodes = Crass.parse(css, **parser_options)

  tree!(nodes)
  Crass::Parser.stringify(nodes)
end

#tree!(tree) ⇒ Array

Sanitizes the given Crass CSS parse tree and all its children, modifying it in place.

Examples:

css = %[
  .foo {
    background: url(foo.png);
    color: #fff;
  }

  #bar {
    font: 42pt 'Comic Sans MS';
  }
]

scss = Sanitize::CSS.new(Sanitize::Config::RELAXED)
# Crass.parse is called here without the preserve_comments / preserve_hacks
# options that #stylesheet passes.
tree = Crass.parse(css)

# tree! edits `tree` in place and returns it; pass the result to
# Crass::Parser.stringify to get CSS text back.
scss.tree!(tree)


# File 'lib/sanitize/css.rb', line 159

# Sanitizes a Crass parse tree in place and returns it.
#
# Every entry of +tree+ is replaced by the value chosen below. Only the node
# types listed in the +case+ can survive; any other type is replaced with
# nil, so unrecognised nodes are dropped by default. Dropped nodes leave nil
# entries in the array rather than shortening it.
#
# @param tree [Array] Crass nodes (hashes with a +:node+ type key); nil
#   entries are passed through as nil
# @return [Array] the same array object, mutated
def tree!(tree)
  after_kept_property = false

  tree.map! do |node|
    next if node.nil?

    case node[:node]
    when :whitespace
      node

    when :comment
      # Comments survive only when explicitly enabled in the config.
      node if @config[:allow_comments]

    when :at_rule
      after_kept_property = false
      at_rule!(node)

    when :style_rule
      # The rule node itself is returned as is; only its children are
      # sanitized, by a recursive call with its own property/semicolon state.
      after_kept_property = false
      tree!(node[:children])
      node

    when :property
      sanitized = property!(node)
      after_kept_property = !sanitized.nil?
      sanitized

    when :semicolon
      # Keep a semicolon only when it follows a property that was kept;
      # otherwise omit it so removed properties do not leave stray
      # semicolons behind. Whitespace in between does not reset the flag.
      keep = after_kept_property
      after_kept_property = false
      node if keep
    end
  end

  tree
end