Class: Gollum::Sanitization

Inherits:
Object
  • Object
show all
Defined in:
lib/gollum/sanitization.rb

Overview

Encapsulate sanitization options.

This class does not yet support all options of Sanitize library. See github.com/rgrove/sanitize/.

Constant Summary collapse

ELEMENTS =

Default whitelisted elements.

[
  'a', 'abbr', 'acronym', 'address', 'area', 'b', 'big',
  'blockquote', 'br', 'button', 'caption', 'center', 'cite',
  'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir',
  'div', 'dl', 'dt', 'em', 'fieldset', 'font', 'form', 'h1',
  'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'input',
  'ins', 'kbd', 'label', 'legend', 'li', 'map', 'menu',
  'ol', 'optgroup', 'option', 'p', 'pre', 'q', 's', 'samp',
  'select', 'small', 'span', 'strike', 'strong', 'sub',
  'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th',
  'thead', 'tr', 'tt', 'u', 'ul', 'var'
].freeze
ATTRIBUTES =

Default whitelisted attributes.

{
  'a'   => ['href'],
  'img' => ['src'],
  :all  => ['abbr', 'accept', 'accept-charset',
            'accesskey', 'action', 'align', 'alt', 'axis',
            'border', 'cellpadding', 'cellspacing', 'char',
            'charoff', 'class', 'charset', 'checked', 'cite',
            'clear', 'cols', 'colspan', 'color',
            'compact', 'coords', 'datetime', 'dir',
            'disabled', 'enctype', 'for', 'frame',
            'headers', 'height', 'hreflang',
            'hspace', 'ismap', 'label', 'lang',
            'longdesc', 'maxlength', 'media', 'method',
            'multiple', 'name', 'nohref', 'noshade',
            'nowrap', 'prompt', 'readonly', 'rel', 'rev',
            'rows', 'rowspan', 'rules', 'scope',
            'selected', 'shape', 'size', 'span',
            'start', 'summary', 'tabindex', 'target',
            'title', 'type', 'usemap', 'valign', 'value',
            'vspace', 'width']
}.freeze
PROTOCOLS =

Default whitelisted protocols for URLs.

{
  'a'   => {'href' => ['http', 'https', 'mailto', :relative]},
  'img' => {'src'  => ['http', 'https', :relative]}
}.freeze
ADD_ATTRIBUTES =
lambda do |env, node|
  if add = env[:config][:add_attributes][node.name]
    add.each do |key, value|
      node[key] = value
    end
  end
end
TRANSFORMERS =

Default transformers to force @id attributes with ‘wiki-’ prefix

lambda do |env|
    node = env[:node]
    return if env[:is_whitelisted] || !node.element?
    prefix = env[:config][:id_prefix]
    found_attrs = %w(id name).select do |key|
      if value = node[key]
        node[key] = value.gsub(/\A(#{prefix})?/, prefix)
      end
    end
    if found_attrs.size > 0
      ADD_ATTRIBUTES.call(env, node)
      {}
    end
  end,
  lambda do |env|
    node = env[:node]
    return unless value = node['href']
    prefix = env[:config][:id_prefix]
    node['href'] = value.gsub(/\A\#(#{prefix})?/, '#'+prefix)
    ADD_ATTRIBUTES.call(env, node)
    {}
  end
].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize {|_self| ... } ⇒ Sanitization

Returns a new instance of Sanitization.

Yields:

  • (_self)

Yield Parameters:



111
112
113
114
115
116
117
118
119
120
# File 'lib/gollum/sanitization.rb', line 111

def initialize
  @elements       = ELEMENTS
  @attributes     = ATTRIBUTES
  @protocols      = PROTOCOLS
  @transformers   = TRANSFORMERS
  @add_attributes = {}
  @allow_comments = false
  @id_prefix      = 'wiki-'
  yield self if block_given?
end

Instance Attribute Details

#add_attributesObject (readonly)

Gets a Hash describing HTML attributes that Sanitize should add. Default: {}



105
106
107
# File 'lib/gollum/sanitization.rb', line 105

def add_attributes
  @add_attributes
end

#allow_comments=(value) ⇒ Object (writeonly)

Sets a boolean determining whether Sanitize allows HTML comments in the output. Default: false.



109
110
111
# File 'lib/gollum/sanitization.rb', line 109

def allow_comments=(value)
  @allow_comments = value
end

#attributesObject (readonly)

Gets a Hash describing which attributes are allowed in which HTML elements. Default: ATTRIBUTES.



89
90
91
# File 'lib/gollum/sanitization.rb', line 89

def attributes
  @attributes
end

#elementsObject (readonly)

Gets an Array of whitelisted HTML elements. Default: ELEMENTS.



85
86
87
# File 'lib/gollum/sanitization.rb', line 85

def elements
  @elements
end

#id_prefixObject

Gets or sets a String prefix which is added to ID attributes. Default: ‘wiki-’



101
102
103
# File 'lib/gollum/sanitization.rb', line 101

def id_prefix
  @id_prefix
end

#protocolsObject (readonly)

Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: PROTOCOLS



93
94
95
# File 'lib/gollum/sanitization.rb', line 93

def protocols
  @protocols
end

#transformersObject (readonly)

Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: TRANSFORMERS



97
98
99
# File 'lib/gollum/sanitization.rb', line 97

def transformers
  @transformers
end

Instance Method Details

#allow_comments?Boolean

Determines if Sanitize should allow HTML comments.

Returns True if comments are allowed, or False.

Returns:

  • (Boolean)


125
126
127
# File 'lib/gollum/sanitization.rb', line 125

def allow_comments?
  !!@allow_comments
end

#history_sanitizationObject

Modifies the current Sanitization instance to sanitize older revisions of pages.

Returns a Sanitization instance.



133
134
135
136
137
# File 'lib/gollum/sanitization.rb', line 133

def history_sanitization
  self.class.new do |sanitize|
    sanitize.add_attributes['a'] = {'rel' => 'nofollow'}
  end
end

#to_hashObject

Builds a Hash of options suitable for Sanitize.clean.

Returns a Hash.



142
143
144
145
146
147
148
149
150
151
# File 'lib/gollum/sanitization.rb', line 142

def to_hash
  { :elements       => elements,
    :attributes     => attributes,
    :protocols      => protocols,
    :add_attributes => add_attributes,
    :allow_comments => allow_comments?,
    :transformers   => transformers,
    :id_prefix      => id_prefix
  }
end

#to_sanitizeObject

Builds a Sanitize instance from the current options.

Returns a Sanitize instance.



156
157
158
# File 'lib/gollum/sanitization.rb', line 156

def to_sanitize
  Sanitize.new(to_hash)
end