Module: MarkupAttributes
- Defined in:
- lib/markup_attributes.rb,
lib/markup_attributes/engine.rb,
lib/markup_attributes/version.rb
Overview
The main behaviour for defining markup attributes
To enable this for your models, either extend it directly into one or more models, or extend it into ‘ApplicationRecord` to include it everywhere
Markup constraints
Markup content typically comes from users of the app, and as with any user-generated content, we probably can’t allow them to insert any old HTML into our rendered pages.
The main benefit of this approach is that it allows us to declare constraints on the types of markup we want to deal with in a single place, but without coupling rendering logic into the model itself.
Those constraints are grouped into certain types of elements:
- Emphasis (:emphasis)
-
allow ‘i` and `em` tags.
- Links (:links)
-
allow ‘a` tags, but mark them as `nofollow` so that they are not useful for spammers.
- Images (:images)
-
allow ‘img` tags.
Automatic sanitisation
All the HTML generated is automatically run through Rails’ own sanitisation mechanism, which means that things like ‘<script>alert();</script>` will automatically either be sanitised into a non-running piece of content, or entirely removed, depending on the options given.
Defined Under Namespace
Classes: Engine, MarkupString, MarkupType
Constant Summary collapse
- VERSION =
'0.1.2'
Instance Method Summary collapse
-
#markdown_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing Markdown markup.
-
#markup_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing markup content.
-
#textile_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing Textile markup.
Instance Method Details
#markdown_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing Markdown markup.
77 78 79 |
# File 'lib/markup_attributes.rb', line 77 def markdown_attribute(*attribute_names, **) markup_attribute(*attribute_names, **.merge(markup: :markdown)) end |
#markup_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing markup content
Markup types
The following types can be provided in either the :allow
or :deny
options:
- :emphasis
-
i
andem
tags - :links
-
a
tags (will all have rel=nofollow automatically set) - :images
-
img
tags
95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'lib/markup_attributes.rb', line 95 def markup_attribute(*attribute_names, **) raise "must define :markup option" unless [:markup] .deep_symbolize_keys! [:allow] = Array.wrap([:allow] || :all).map(&:to_sym) [:deny] = Array.wrap([:deny]).map(&:to_sym) .freeze attribute_registry_type = get_type_for() attribute_names.each do |attribute_name| if respond_to?(:translates?) && translates? && translated_attribute_names.include?(attribute_name) translation_class.attribute attribute_name, attribute_registry_type else attribute attribute_name, attribute_registry_type end end end |
#textile_attribute(*attribute_names, **options) ⇒ Object
Declare one or more attributes as containing Textile markup.
71 72 73 |
# File 'lib/markup_attributes.rb', line 71 def textile_attribute(*attribute_names, **) markup_attribute(*attribute_names, **.merge(markup: :textile)) end |