Module: Shamu::Attributes::HtmlSanitation
- Extended by:
- ActiveSupport::Concern
- Included in:
- Entities::HtmlSanitation
- Defined in:
- lib/shamu/attributes/html_sanitation.rb
Overview
Adds an HTML sanitation option to attributes. When the option is present, string values are sanitized each time the attribute is read; non-string values are returned unchanged. The raw, unfiltered value is always available as #{ attribute }_raw.
Because sanitation happens on read rather than on write, the stored value stays unsanitized: any code that reads the backing store directly, or calls the _raw reader, is handling untrusted HTML.
Defined Under Namespace
Classes: BodyScrubber, NoneScrubber, PermitScrubber, SafeScrubber, SimpleScrubber
Constant Summary
- STANDARD_FILTER_METHODS =
The standard HTML sanitation filter methods.
[
  :none,   # Don't allow any HTML
  :simple, # Allow very simple HTML. See {#simple_html_sanitize}.
  :body,   # Allow subset useful for body copy. See {#body_html_sanitize}.
  :safe,   # Allow a broad subset of HTML tags and attributes. See {#safe_html_sanitize}.
  :allow   # Allow all HTML.
].freeze
- SIMPLE_TAGS =
Tags safe for simple text.
%w( B I STRONG EM ).freeze
- BODY_TAGS =
Tags safe for body text.
%w( B BR CODE DIV EM H2 H3 H4 H5 H6 HR I LI OL P PRE SPAN STRONG U UL ).freeze
- UNSAFE_TAGS =
Tags that are not safe.
%w( FORM SCRIPT IFRAME FRAME ).freeze
Class Method Summary
- .attribute(name, *args, **options, &block) ⇒ self
Define a new attribute for the class.
Instance Method Summary
- #allow_html_sanitize(value) ⇒ String
Removes no tags or attributes; the value is still parsed, re-serialized and its links marked nofollow.
- #body_html_sanitize(value) ⇒ String
Remove all but a limited subset of common tags useful for body copy text.
- #none_html_sanitize(value) ⇒ String
Remove all HTML from the value.
- #safe_html_sanitize(value) ⇒ String
Remove all but a broad subset of HTML tags and attributes, then mark links nofollow.
- #simple_html_sanitize(value) ⇒ String
Remove all but the simplest HTML tags: b, i, strong and em.
Class Method Details
.attribute(name, on: , default: , build: , &block) ⇒ self
.attribute(name, build, on: , default: , &block) ⇒ self
Define a new attribute for the class.
# File 'lib/shamu/attributes/html_sanitation.rb', line 47

def attribute( name, *args, **options, &block )
  super.tap do
    # Only attributes declared with an html: option get the sanitizing reader.
    define_html_sanitized_attribute_reader( name, options[ :html ] ) if options.key?( :html )
  end
end
Instance Method Details
#allow_html_sanitize(value) ⇒ String
Removes no tags or attributes from the value. The string is still parsed as an HTML fragment, re-serialized and run through the nofollow scrubber, so the output is not byte-for-byte the raw input. This filter offers no protection against script injection and is only appropriate for trusted input.

# File 'lib/shamu/attributes/html_sanitation.rb', line 151

def allow_html_sanitize( value )
  return value unless value.is_a?( String )
  Loofah.fragment( value ).scrub!( :no_follow ).to_s
end
#body_html_sanitize(value) ⇒ String
Remove all but a limited subset of common tags useful for body copy text. See BODY_TAGS.

# File 'lib/shamu/attributes/html_sanitation.rb', line 124

def body_html_sanitize( value )
  return value unless value.is_a?( String )
  Loofah.fragment( value ).scrub!( BodyScrubber.new ).to_s
end
#none_html_sanitize(value) ⇒ String
Remove all HTML from the value.

# File 'lib/shamu/attributes/html_sanitation.rb', line 99

def none_html_sanitize( value )
  return value unless value.is_a?( String )
  Loofah.fragment( value ).scrub!( NoneScrubber.new ).to_s
end
#safe_html_sanitize(value) ⇒ String
Remove all but a broad subset of HTML tags and attributes (see SafeScrubber), then run the nofollow scrubber so that links carry rel="nofollow".

# File 'lib/shamu/attributes/html_sanitation.rb', line 136

def safe_html_sanitize( value )
  return value unless value.is_a?( String )
  Loofah.fragment( value )
    .scrub!( SafeScrubber.new )
    .scrub!( :no_follow )
    .to_s
end
#simple_html_sanitize(value) ⇒ String
Remove all but the simplest HTML tags: b, i, strong and em (see SIMPLE_TAGS).

# File 'lib/shamu/attributes/html_sanitation.rb', line 111

def simple_html_sanitize( value )
  return value unless value.is_a?( String )
  Loofah.fragment( value ).scrub!( SimpleScrubber.new ).to_s
end