Module: Sanitize::Rails::Engine
Instance Method Summary
- #callback_for(options) ⇒ Object
  :nodoc:
- #clean(string) ⇒ Object
  Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.
- #clean!(string) ⇒ Object
  Sanitizes the given `string` in place and does NOT mark it as `html_safe`.
- #cleaner ⇒ Object
  Returns a memoized instance of the Engine with the configuration passed to the configure method or with the ActionView's default config.
- #config ⇒ Object
- #configure(config) ⇒ Object
  Changes the Sanitizer configuration.
- #method_for(fields) ⇒ Object
  :nodoc:
Instance Method Details
#callback_for(options) ⇒ Object
:nodoc:
    # File 'lib/sanitize/rails/engine.rb', line 68
    def callback_for(options) #:nodoc:
      point = (options[:on] || 'save').to_s
      unless %w( save create ).include?(point)
        raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create"
      end
      "before_#{point}".intern
    end
#clean(string) ⇒ Object
Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.
Because this method returns an instance of ActiveSupport::SafeBuffer, text passed through `Sanitize::Rails::Engine.clean` will not be escaped by ActionView's XSS filtering utilities, so the Sanitize configuration is the only filtering applied to it.
    # File 'lib/sanitize/rails/engine.rb', line 57
    def clean(string)
      ::ActiveSupport::SafeBuffer.new cleaned_fragment(string)
    end
#clean!(string) ⇒ Object
Sanitizes the given `string` in place and does NOT mark it as `html_safe`.
    # File 'lib/sanitize/rails/engine.rb', line 63
    def clean!(string)
      return '' if string.nil?
      string.replace cleaned_fragment(string)
    end
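How the `html_safe` difference between `clean` and `clean!` plays out at render time, as an added example that is not the gem's own code. `SafeBufferStandIn`, `EngineModel`, `render_like_erb` and the tag-stripping lambda are hypothetical stand-ins for ActiveSupport::SafeBuffer, this Engine, ActionView's output escaping and the Sanitize gem, so that it runs on the Ruby standard library alone.

```ruby
require 'erb'

# Stand-in for ActiveSupport::SafeBuffer: a String that reports html_safe? == true.
class SafeBufferStandIn < String
  def html_safe?
    true
  end
end

# Minimal model of the Engine methods documented on this page. The tag-stripping
# lambda is a constructed stand-in for the Sanitize gem, NOT a real HTML sanitizer.
module EngineModel
  module_function

  def configure(allowed_tags)
    @_config = allowed_tags.freeze
    @_cleaner = nil # drop the memoized cleaner so the new config takes effect
  end

  def cleaner
    @_cleaner ||= begin
      allowed = @_config || %w[b i]
      ->(html) { html.gsub(%r{<(/?)(\w+)[^>]*>}) { m = Regexp.last_match; allowed.include?(m[2]) ? "<#{m[1]}#{m[2]}>" : '' } }
    end
  end

  def clean(string)
    SafeBufferStandIn.new(cleaner.call(string)) # new object, flagged html_safe
  end

  def clean!(string)
    return '' if string.nil?
    string.replace(cleaner.call(string)) # same object, still a plain String
  end
end

# Models the decision ActionView makes for <%= value %>: escape unless html_safe.
def render_like_erb(value)
  safe = value.respond_to?(:html_safe?) && value.html_safe?
  safe ? value.to_s : ERB::Util.html_escape(value)
end

SAMPLE = '<b>hi</b><script>x()</script>'.freeze # constructed input
if __FILE__ == $PROGRAM_NAME
  copy = SAMPLE.dup
  EngineModel.clean!(copy)
  puts render_like_erb(EngineModel.clean(SAMPLE)) # markup reaches the page as-is
  puts render_like_erb(copy)                      # markup is entity-escaped
end
```

The output of `clean` reaches the page exactly as the sanitizer left it, so every tag the configuration allows is live markup; the output of `clean!` is escaped again by the view unless the caller marks it safe.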
#cleaner ⇒ Object
Returns a memoized instance of the Engine with the configuration passed to the configure method or with the ActionView's default config.
    # File 'lib/sanitize/rails/engine.rb', line 47
    def cleaner
      @_cleaner ||= ::Sanitize.new(config)
    end
#config ⇒ Object
    # File 'lib/sanitize/rails/engine.rb', line 36
    def config
      @_config ||= ::Sanitize::Config::BASIC.dup.tap do |config|
        config[:entities_whitelist] ||= {}
      end.freeze
    end
#configure(config) ⇒ Object
Changes the Sanitizer configuration.
    # File 'lib/sanitize/rails/engine.rb', line 8
    def configure(config)
      @_config = config.freeze
      @_cleaner = nil
    end
#method_for(fields) ⇒ Object
:nodoc:
    # File 'lib/sanitize/rails/engine.rb', line 78
    def method_for(fields) #:nodoc:
      "sanitize_#{fields.join('_')}".intern
    end