Class: Banzai::Filter::BroadcastMessageSanitizationFilter

Inherits:

BaseSanitizationFilter

Object
HTML::Pipeline::SanitizationFilter
BaseSanitizationFilter
Banzai::Filter::BroadcastMessageSanitizationFilter

show all

Defined in:: lib/banzai/filter/broadcast_message_sanitization_filter.rb

Overview

Sanitize HTML produced by Markdown. Allows styling of links and usage of line breaks.

Extends Banzai::Filter::BaseSanitizationFilter with specific rules.

Constant Summary

Constants inherited from BaseSanitizationFilter

Banzai::Filter::BaseSanitizationFilter::UNSAFE_PROTOCOLS

Constants included from Gitlab::Utils::SanitizeNodeLink

Gitlab::Utils::SanitizeNodeLink::ATTRS_TO_SANITIZE, Gitlab::Utils::SanitizeNodeLink::UNSAFE_PROTOCOLS

Constants included from Concerns::TimeoutFilterHandler

Concerns::TimeoutFilterHandler::COMPLEX_MARKDOWN_MESSAGE, Concerns::TimeoutFilterHandler::RENDER_TIMEOUT, Concerns::TimeoutFilterHandler::SANITIZATION_RENDER_TIMEOUT

Instance Method Summary collapse

#customize_allowlist(allowlist) ⇒ Object

Methods inherited from BaseSanitizationFilter

#allowlist, #call, remove_rel

Methods included from Gitlab::Utils::SanitizeNodeLink

#permit_url?, #remove_unsafe_links, #safe_protocol?, #sanitize_unsafe_links

Methods included from Concerns::TimeoutFilterHandler

Instance Method Details

#customize_allowlist(allowlist) ⇒ `Object`

# File 'lib/banzai/filter/broadcast_message_sanitization_filter.rb', line 9

def customize_allowlist(allowlist)
  allowlist[:elements].push('br')

  allowlist[:attributes]['a'].push('class', 'style')

  allowlist[:css] = { properties: %w[color border background padding margin text-decoration] }

  allowlist
end