Module: Sanitize::Rails::Engine

Extended by:
Engine
Included in:
Engine
Defined in:
lib/sanitize/rails/engine.rb


Instance Method Details

#callback_for(options) ⇒ Object

:nodoc:



# File 'lib/sanitize/rails/engine.rb', line 68

# Translates the +:on+ option into the name of a +before_*+ callback.
#
# Only +save+ (the default when +:on+ is absent) and +create+ are accepted.
# The allowlist check runs before the string is turned into a Symbol, so the
# only symbols this method can return are +:before_save+ and +:before_create+.
#
# options - Hash; +options[:on]+ may be a Symbol or String.
#
# Returns a Symbol. Raises ArgumentError for any other callback point.
def callback_for(options) #:nodoc:
  requested = options[:on]
  hook = requested ? requested.to_s : 'save'

  if hook != 'save' && hook != 'create'
    raise ArgumentError, "Invalid callback point #{hook}, valid ones are :save and :create"
  end

  :"before_#{hook}"
end

#clean(string) ⇒ Object

Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.

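Ensuring that this method returns instances of ActiveSupport::SafeBuffer means that text passed through `Sanitize::Rails::Engine.clean` will not be escaped by ActionView's XSS filtering utilities. The configured Sanitize rules are therefore the only filtering that text receives before it is rendered.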



# File 'lib/sanitize/rails/engine.rb', line 57

# Sanitizes +string+ and returns the result wrapped in an
# ActiveSupport::SafeBuffer, i.e. already flagged as html_safe.
#
# Security note: a SafeBuffer is not escaped again when rendered, so the
# output of cleaned_fragment is trusted as-is. The active Sanitize
# configuration is the only filter between the input and the page.
#
# string - the text to sanitize; passed straight to cleaned_fragment
#          (defined elsewhere in this file).
#
# Returns an ActiveSupport::SafeBuffer.
def clean(string)
  sanitized = cleaned_fragment(string)
  ::ActiveSupport::SafeBuffer.new(sanitized)
end

#clean!(string) ⇒ Object

Sanitizes the given `string` in place and does NOT mark it as `html_safe`.



# File 'lib/sanitize/rails/engine.rb', line 63

# Sanitizes +string+ in place by overwriting its contents with the output of
# cleaned_fragment (defined elsewhere in this file).
#
# The receiver stays a plain String: nothing here marks it html_safe, so it
# is not exempted from later output escaping the way #clean's result is.
#
# string - a mutable String, or nil.
#
# Returns the same String object after replacement, or a new empty String
# when +string+ is nil (nothing is mutated in that case).
def clean!(string)
  if string.nil?
    ''
  else
    string.replace(cleaned_fragment(string))
  end
end

#cleaner ⇒ Object

Returns a memoized instance of the Engine with the configuration passed to the configure method or with the ActionView’s default config



# File 'lib/sanitize/rails/engine.rb', line 47

# Returns the memoized ::Sanitize instance, building it from whatever #config
# returns on first use.
#
# The instance is cached in @_cleaner. #configure resets that variable to nil,
# which is what makes a configuration change take effect on the next call.
def cleaner
  return @_cleaner if @_cleaner

  @_cleaner = ::Sanitize.new(config)
end

#config ⇒ Object



# File 'lib/sanitize/rails/engine.rb', line 36

# Returns the active sanitizer configuration.
#
# When #configure has not stored one, the default is a copy of
# ::Sanitize::Config::BASIC with an empty :entities_whitelist added if that
# key is missing. The result is frozen and memoized in @_config.
#
# NOTE(review): both dup and freeze are shallow. Nested arrays and hashes are
# shared with BASIC, and whether they are themselves frozen depends on the
# Sanitize version in use. Confirm before relying on deep immutability of the
# allowlist.
def config
  return @_config if @_config

  defaults = ::Sanitize::Config::BASIC.dup
  defaults[:entities_whitelist] = {} unless defaults[:entities_whitelist]
  @_config = defaults.freeze
end

#configure(config) ⇒ Object

Changes the Sanitizer configuration.



# File 'lib/sanitize/rails/engine.rb', line 8

# Replaces the sanitizer configuration.
#
# The hash passed in is frozen in place (a side effect visible to the caller)
# and stored as-is. The freeze is shallow, so nested values stay mutable
# unless they were already frozen.
#
# Security note: this hash defines what #clean lets through and then marks
# html_safe, so any element or attribute allowed here reaches the page
# unescaped.
#
# config - Hash of Sanitize options.
#
# Returns nil.
def configure(config)
  config.freeze
  @_config = config
  @_cleaner = nil # drop the memoized Sanitize so #cleaner rebuilds it
end

#method_for(fields) ⇒ Object

:nodoc:



# File 'lib/sanitize/rails/engine.rb', line 78

# Builds the name of the sanitizing method for a set of fields by joining
# the field names with underscores after a +sanitize_+ prefix.
#
# NOTE(review): every distinct +fields+ list produces a new Symbol.
# Presumably the names come from model declarations rather than request
# data; confirm against the caller.
#
# fields - Array of field names (anything responding to #join).
#
# Returns a Symbol such as +:sanitize_title_body+.
def method_for(fields) #:nodoc:
  suffix = fields.join('_')
  :"sanitize_#{suffix}"
end