Class: SanitizeEmail::Bleach

Inherits:
Object
Extended by:
Deprecation
Defined in:
lib/sanitize_email/bleach.rb

Overview

Determines whether to sanitize the headers of an email, and does so when appropriate.

Methods included from Deprecation

deprecated, deprecated_alias, deprecation, deprecation_warning_message

Constructor Details

#initialize(*args) ⇒ Bleach

Returns a new instance of Bleach.



# File 'lib/sanitize_email/bleach.rb', line 91

def initialize(*args)
  deprecation_message unless args.empty?
end

Instance Attribute Details

#overridden_addresses ⇒ Object

TODO: Just a stub, not implemented



# File 'lib/sanitize_email/bleach.rb', line 11

def overridden_addresses
  @overridden_addresses
end

Class Method Details

.delivering_email(message) ⇒ Object

If all recipient addresses are allow-listed the field is left alone.



# File 'lib/sanitize_email/bleach.rb', line 15

def delivering_email(message)
  return unless sanitize_engaged?(message)

  SanitizeEmail::MailHeaderTools
    .add_original_addresses_as_headers(message)
  SanitizeEmail::MailHeaderTools
    .prepend_custom_subject(message)

  overridden = SanitizeEmail::OverriddenAddresses.new(message)

  message.to = overridden.overridden_to
  message.cc = overridden.overridden_cc
  message.bcc = overridden.overridden_bcc

  return if message["personalizations"].nil?

  message["personalizations"].value = overridden.overridden_personalizations
end

.sanitize_engaged?(message) ⇒ Boolean

Will be called by the Hook to determine if an override should occur.
There are three ways SanitizeEmail can be turned on;
in order of precedence they are:

  1. SanitizeEmail.force_sanitize = true # by default it is nil

     Only useful for local context.
     Inside a method where you will be sending an email, set

       SanitizeEmail.force_sanitize = true

     just prior to delivering it.  Also useful in the console.

  2. If SanitizeEmail seems to not be sanitizing,
     you have probably not registered the interceptor.
     SanitizeEmail tries to do this for you.
     *Note*: If you are working in an environment that has
             a Mail or Mailer class that uses the register_interceptor API,
             the interceptor will already have been registered.
     The gem will probably have already done this for you,
     but some really old versions of Rails may need you to do this manually:

       Mail.register_interceptor(SanitizeEmail::Bleach)

     Once registered, SanitizeEmail needs to be engaged:

       # in config/initializers/sanitize_email.rb
       SanitizeEmail::Config.configure {|config| config[:engage] = true }

  3. SanitizeEmail::Config.configure do |config|
       config[:activation_proc] = Proc.new { true }
     end

     If you don't need to compute anything,
     then don't use the Proc, go with the previous option.

Note: Number 1 is the method used by the SanitizeEmail.sanitary block.
Note: Number 2: you may need to set up your own register_interceptor.

If installed but not configured, sanitize_email DOES NOTHING. Until configured the defaults leave it turned off.

Returns:

  • (Boolean)


# File 'lib/sanitize_email/bleach.rb', line 74

def sanitize_engaged?(message)
  # Don't sanitize the message if it will not be delivered
  return false unless message.perform_deliveries

  # Has it been forced via the force_sanitize mattr?
  forced = SanitizeEmail.force_sanitize
  return forced unless forced.nil?

  # Is this particular instance of Bleach engaged
  engaged = SanitizeEmail::Config.config[:engage]
  return engaged unless engaged.nil?

  # Should we sanitize due to the activation_proc?
  SanitizeEmail.activate?(message)
end
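
The precedence documented for .sanitize_engaged?, as an added example that is not part of the sanitize_email gem: a plain-Ruby model of the decision order that audits a settings snapshot for combinations that leave sanitizing off. The method names are hypothetical, and an unset activation_proc is assumed to mean "off".

```ruby
# Added example, not sanitize_email code. Method names are hypothetical; the
# settings mirror force_sanitize, config[:engage] and config[:activation_proc].

# Returns [engaged, deciding_setting] following the documented precedence.
def engagement_decision(force:, engage:, activation_proc:,
                        perform_deliveries: true, message: nil)
  # A message that will not be delivered is never sanitized.
  return [false, :perform_deliveries] unless perform_deliveries
  # 1. force_sanitize wins whenever it is not nil (true OR false).
  return [force, :force_sanitize] unless force.nil?
  # 2. config[:engage] is next; an explicit false also ends the search.
  return [engage, :engage] unless engage.nil?
  # Assumption: an unset activation_proc means "off", matching the page's
  # statement that the unconfigured defaults leave sanitizing turned off.
  return [false, :default_off] if activation_proc.nil?
  # 3. Only now is the activation_proc consulted.
  [activation_proc.call(message) ? true : false, :activation_proc]
end

# Returns human-readable findings for one settings snapshot.
def audit_sanitize_settings(**settings)
  engaged, source = engagement_decision(**settings)
  findings = []
  unless engaged
    findings << "sanitizing is OFF (decided by #{source}): " \
                "original recipients are kept"
  end
  if settings[:activation_proc] && source != :activation_proc
    findings << "activation_proc is never called: #{source} decides first"
  end
  findings
end

# Constructed settings snapshots, for illustration only.
SNAPSHOTS = {
  "gem installed, nothing configured" =>
    { force: nil, engage: nil, activation_proc: nil },
  "engage on, but force_sanitize left false" =>
    { force: false, engage: true, activation_proc: nil },
  "engage false with a proc that says yes" =>
    { force: nil, engage: false, activation_proc: proc { true } },
  "proc only" =>
    { force: nil, engage: nil, activation_proc: proc { true } }
}.freeze

SNAPSHOTS.each do |label, settings|
  findings = audit_sanitize_settings(**settings)
  puts "#{label}: #{findings.empty? ? 'ok' : findings.join('; ')}"
end
```

Because each setting is tri-state, a leftover `false` in a higher-precedence setting silently disables sanitizing even when a lower one is switched on.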