Class: Qti::Sanitizer

Inherits:
Object
  • Object
Defined in:
lib/qti/sanitizer.rb

Constant Summary

# Element-name mapping, source name => replacement name. Where the mapping is
# applied is not visible in this listing.
ELEMENTS_REMAP = {
  'prompt'       => 'div',
  'simpleBlock'  => 'div',
  'simpleInline' => 'span',
  'atomicBlock'  => 'div',
  'atomicInline' => 'span'
}.freeze

# URL schemes accepted for the attributes named in CONFIG[:protocols].
# :relative is the Sanitize marker that also admits scheme-less (relative) URLs.
PROTOCOLS = ['http', 'https', :relative].freeze

# Despite the name, this list is used as CONFIG[:elements]; in a Sanitize
# config, :elements names the elements that are permitted.
FILTER_TAGS = %w[iframe object embed].freeze

# Sanitize-style settings for the three embedding elements. How CONFIG is
# combined into the config actually passed to Sanitize is not shown here.
#
# NOTE(review): only the attributes listed under :protocols get a scheme check
# (iframe src, object src/data, embed src). 'codebase' (object) and
# 'pluginspage' (embed) also carry URLs but have no :protocols entry - confirm
# that is intended.
# NOTE(review): 'allowscriptaccess' (embed) and 'sandbox' / 'allow' (iframe) are
# allowlisted by name only, so their values are presumably whatever the content
# author supplied - confirm whether value restrictions are applied elsewhere.
# NOTE(review): 'style' is allowlisted on object; how CSS is constrained
# depends on the effective config, which is not visible on this page.
CONFIG = {
  elements: FILTER_TAGS,
  protocols: {
    'iframe' => { 'src' => PROTOCOLS },
    'object' => { 'src' => PROTOCOLS, 'data' => PROTOCOLS },
    'embed' => { 'src' => PROTOCOLS }
  }.freeze,
  attributes: {
    'object' => %w[
      src width height style data type classid codebase
    ],
    'embed' => %w[
      name src type allowfullscreen pluginspage wmode
      allowscriptaccess width height
    ],
    # TODO: remove explicit allow with domain whitelist account setting
    'iframe' => %w[
      src width height name align frameborder scrolling sandbox
      allowfullscreen webkitallowfullscreen mozallowfullscreen
      allow
    ]
  }.freeze
}.freeze

Instance Method Summary

Instance Method Details

#clean(html) ⇒ Object



# File 'lib/qti/sanitizer.rb', line 38

# Runs +html+ through Sanitize.fragment using this object's sanitize_config.
#
# NOTE(review): the strictness of the result depends entirely on
# sanitize_config, which is defined outside this listing - confirm what it
# permits before treating the output as safe to render.
#
# @param html [String] HTML fragment to clean
# @return [Object] the value returned by Sanitize.fragment
def clean(html)
  rules = sanitize_config
  Sanitize.fragment(html, rules)
end