Module: ActionView::Helpers::SanitizeHelper::ClassMethods
- Included in:
- ClassMethods
- Defined in:
- lib/action_view/helpers/sanitize_helper.rb
Overview
:nodoc:
Instance Attribute Summary
-
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by
strip_tags
. -
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by
strip_links
. -
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and
sanitize_css
.
Instance Method Summary
- #sanitized_allowed_attributes ⇒ Object
-
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the
sanitize
helper. - #sanitized_allowed_css_keywords ⇒ Object
-
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the
sanitize
and sanitize_css
helpers. - #sanitized_allowed_css_properties ⇒ Object
-
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the #sanitize and
sanitize_css
helpers. - #sanitized_allowed_protocols ⇒ Object
-
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the
sanitize
helper. - #sanitized_allowed_tags ⇒ Object
-
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the
sanitize
helper. - #sanitized_bad_tags ⇒ Object
-
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the
sanitize
helper. - #sanitized_protocol_separator ⇒ Object
- #sanitized_protocol_separator=(value) ⇒ Object
- #sanitized_shorthand_css_properties ⇒ Object
-
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the
sanitize
and sanitize_css
helpers. - #sanitized_uri_attributes ⇒ Object
-
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the
sanitize
helper checks for URIs.
Instance Attribute Details
#full_sanitizer ⇒ Object
Gets the HTML::FullSanitizer instance used by strip_tags. Replace with any object that responds to sanitize.
# Replaces the sanitizer behind strip_tags from the initializer block. The
# replacement then does all tag stripping, so it has to be trusted with
# untrusted markup.
Rails::Initializer.run { |config| config.action_view.full_sanitizer = MySpecialSanitizer.new }
# File 'lib/action_view/helpers/sanitize_helper.rb', line 153
#
# Returns the sanitizer used by strip_tags. An HTML::FullSanitizer is built
# on first use and kept in @full_sanitizer; a value already stored there is
# returned as is.
def full_sanitizer
  return @full_sanitizer if @full_sanitizer

  @full_sanitizer = HTML::FullSanitizer.new
end
#link_sanitizer ⇒ Object
Gets the HTML::LinkSanitizer instance used by strip_links. Replace with any object that responds to sanitize.
# Replaces the sanitizer behind strip_links from the initializer block.
Rails::Initializer.run { |config| config.action_view.link_sanitizer = MySpecialSanitizer.new }
# File 'lib/action_view/helpers/sanitize_helper.rb', line 164
#
# Returns the sanitizer used by strip_links. An HTML::LinkSanitizer is built
# on first use and kept in @link_sanitizer; a value already stored there is
# returned as is.
def link_sanitizer
  return @link_sanitizer if @link_sanitizer

  @link_sanitizer = HTML::LinkSanitizer.new
end
#white_list_sanitizer ⇒ Object
Gets the HTML::WhiteListSanitizer instance used by sanitize and sanitize_css. Replace with any object that responds to sanitize.
# Replaces the sanitizer behind sanitize and sanitize_css. The sanitized_*=
# collection setters of this module write to HTML::WhiteListSanitizer's own
# sets, so a replacement has to carry its own allow-lists.
Rails::Initializer.run { |config| config.action_view.white_list_sanitizer = MySpecialSanitizer.new }
# File 'lib/action_view/helpers/sanitize_helper.rb', line 175
#
# Returns the sanitizer used by sanitize and sanitize_css. An
# HTML::WhiteListSanitizer is built on first use and kept in
# @white_list_sanitizer; a value already stored there is returned as is.
#
# The sanitized_* readers of this module go through this object, while the
# collection setters address the HTML::WhiteListSanitizer class directly.
def white_list_sanitizer
  return @white_list_sanitizer if @white_list_sanitizer

  @white_list_sanitizer = HTML::WhiteListSanitizer.new
end
Instance Method Details
#sanitized_allowed_attributes ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 122
#
# Reads allowed_attributes from the current white_list_sanitizer object.
def sanitized_allowed_attributes
  sanitizer = white_list_sanitizer
  sanitizer.allowed_attributes
end
#sanitized_allowed_attributes=(attributes) ⇒ Object
Adds to the Set of allowed HTML attributes for the sanitize helper.
# Syntax sample only: onclick is an event-handler attribute, so allowing it
# lets markup that has passed sanitize carry script. For untrusted input add
# only inert attributes (longdesc is one).
Rails::Initializer.run do |config|
  view_settings = config.action_view
  view_settings.sanitized_allowed_attributes = ['onclick', 'longdesc']
end
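# File 'lib/action_view/helpers/sanitize_helper.rb', line 215
#
# Adds +attributes+ to the allowed HTML attributes of the sanitize helper.
#
# attributes - one name or a collection of names. Array() wraps a lone
#              String, because Set#merge only takes enumerables and String
#              has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process, is never undone here, and is
# not written to the object returned by white_list_sanitizer.
def sanitized_allowed_attributes=(attributes)
  HTML::WhiteListSanitizer.allowed_attributes.merge(Array(attributes))
end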
#sanitized_allowed_css_keywords ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 130
#
# Reads allowed_css_keywords from the current white_list_sanitizer object.
def sanitized_allowed_css_keywords
  sanitizer = white_list_sanitizer
  sanitizer.allowed_css_keywords
end
#sanitized_allowed_css_keywords=(attributes) ⇒ Object
Adds to the Set of allowed CSS keywords for the sanitize and sanitize_css helpers.
# Syntax sample only: 'expression' is the token legacy Internet Explorer
# treated as script inside a style value, which is what a CSS allow-list is
# meant to keep out. Substitute a keyword you have reviewed.
Rails::Initializer.run { |config| config.action_view.sanitized_allowed_css_keywords = 'expression' }
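# File 'lib/action_view/helpers/sanitize_helper.rb', line 235
#
# Adds +attributes+ to the CSS keywords allowed by sanitize and sanitize_css.
#
# attributes - one keyword or a collection of keywords. Array() wraps a lone
#              String, because Set#merge only takes enumerables and String
#              has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_allowed_css_keywords=(attributes)
  HTML::WhiteListSanitizer.allowed_css_keywords.merge(Array(attributes))
end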
#sanitized_allowed_css_properties ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 126
#
# Reads allowed_css_properties from the current white_list_sanitizer object.
def sanitized_allowed_css_properties
  sanitizer = white_list_sanitizer
  sanitizer.allowed_css_properties
end
#sanitized_allowed_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed CSS properties for the sanitize and sanitize_css helpers.
# Syntax sample only: 'expression' is not a CSS property name, and as a style
# value it is what legacy Internet Explorer evaluated as script. Substitute
# the specific property you have reviewed.
Rails::Initializer.run { |config| config.action_view.sanitized_allowed_css_properties = 'expression' }
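# File 'lib/action_view/helpers/sanitize_helper.rb', line 225
#
# Adds +attributes+ to the CSS properties allowed by sanitize and
# sanitize_css.
#
# attributes - one property name or a collection of them. Array() wraps a
#              lone String, because Set#merge only takes enumerables and
#              String has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_allowed_css_properties=(attributes)
  HTML::WhiteListSanitizer.allowed_css_properties.merge(Array(attributes))
end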
#sanitized_allowed_protocols ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 138
#
# Reads allowed_protocols from the current white_list_sanitizer object.
def sanitized_allowed_protocols
  sanitizer = white_list_sanitizer
  sanitizer.allowed_protocols
end
#sanitized_allowed_protocols=(attributes) ⇒ Object
Adds to the Set of allowed protocols for the sanitize helper.
# Every scheme added here becomes acceptable to sanitize's protocol check.
# Add only schemes whose handlers are safe to trigger from untrusted markup,
# and never a script-bearing scheme such as javascript.
Rails::Initializer.run { |config| config.action_view.sanitized_allowed_protocols = ['ssh', 'feed'] }
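# File 'lib/action_view/helpers/sanitize_helper.rb', line 255
#
# Adds +attributes+ to the protocols allowed by the sanitize helper.
#
# attributes - one scheme name or a collection of them. Array() wraps a lone
#              String, because Set#merge only takes enumerables and String
#              has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_allowed_protocols=(attributes)
  HTML::WhiteListSanitizer.allowed_protocols.merge(Array(attributes))
end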
#sanitized_allowed_tags ⇒ Object
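# File 'lib/action_view/helpers/sanitize_helper.rb', line 118
#
# Reads allowed_tags from the current white_list_sanitizer object.
def sanitized_allowed_tags
  white_list_sanitizer.allowed_tags
end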
#sanitized_allowed_tags=(attributes) ⇒ Object
Adds to the Set of allowed tags for the sanitize helper.
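# Tags added here extend the class-level set on HTML::WhiteListSanitizer, so
# they are accepted by every sanitize call in the process. Review what each
# new tag can carry before allowing it for untrusted input.
Rails::Initializer.run do |config|
  config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
end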
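# File 'lib/action_view/helpers/sanitize_helper.rb', line 205
#
# Adds +attributes+ to the tags allowed by the sanitize helper.
#
# attributes - one tag name or a collection of them. Array() wraps a lone
#              String, because Set#merge only takes enumerables and String
#              has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_allowed_tags=(attributes)
  HTML::WhiteListSanitizer.allowed_tags.merge(Array(attributes))
end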
#sanitized_bad_tags ⇒ Object
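# File 'lib/action_view/helpers/sanitize_helper.rb', line 114
#
# Reads bad_tags from the current white_list_sanitizer object.
def sanitized_bad_tags
  white_list_sanitizer.bad_tags
end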
#sanitized_bad_tags=(attributes) ⇒ Object
Adds to the Set of ‘bad’ tags for the sanitize helper.
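# NOTE(review): 'bad' tags are presumably the ones sanitize treats most
# strictly; confirm the exact handling in HTML::WhiteListSanitizer before
# relying on this list to neutralise embed or object markup.
Rails::Initializer.run do |config|
  config.action_view.sanitized_bad_tags = 'embed', 'object'
end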
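# File 'lib/action_view/helpers/sanitize_helper.rb', line 195
#
# Adds +attributes+ to the 'bad' tags of the sanitize helper.
#
# attributes - one tag name or a collection of them. Array() wraps a lone
#              String, because Set#merge only takes enumerables and String
#              has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_bad_tags=(attributes)
  HTML::WhiteListSanitizer.bad_tags.merge(Array(attributes))
end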
#sanitized_protocol_separator ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 106
#
# Reads protocol_separator from the current white_list_sanitizer object.
def sanitized_protocol_separator
  sanitizer = white_list_sanitizer
  sanitizer.protocol_separator
end
#sanitized_protocol_separator=(value) ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 142
#
# Assigns +value+ as protocol_separator on the current white_list_sanitizer
# object. Unlike the collection setters, this one goes through the instance
# rather than the HTML::WhiteListSanitizer class.
#
# NOTE(review): the separator presumably decides where a URI's scheme ends
# for the allowed-protocol check; confirm before changing it.
def sanitized_protocol_separator=(value)
  sanitizer = white_list_sanitizer
  sanitizer.protocol_separator = value
end
#sanitized_shorthand_css_properties ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 134
#
# Reads shorthand_css_properties from the current white_list_sanitizer
# object.
def sanitized_shorthand_css_properties
  sanitizer = white_list_sanitizer
  sanitizer.shorthand_css_properties
end
#sanitized_shorthand_css_properties=(attributes) ⇒ Object
Adds to the Set of allowed shorthand CSS properties for the sanitize and sanitize_css helpers.
# Syntax sample only: 'expression' is not a shorthand CSS property, and as a
# style value it is what legacy Internet Explorer evaluated as script.
# Substitute the specific property you have reviewed.
Rails::Initializer.run do |config|
  view_settings = config.action_view
  view_settings.sanitized_shorthand_css_properties = 'expression'
end
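# File 'lib/action_view/helpers/sanitize_helper.rb', line 245
#
# Adds +attributes+ to the shorthand CSS properties allowed by sanitize and
# sanitize_css.
#
# attributes - one property name or a collection of them. Array() wraps a
#              lone String, because Set#merge only takes enumerables and
#              String has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_shorthand_css_properties=(attributes)
  HTML::WhiteListSanitizer.shorthand_css_properties.merge(Array(attributes))
end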
#sanitized_uri_attributes ⇒ Object
# File 'lib/action_view/helpers/sanitize_helper.rb', line 110
#
# Reads uri_attributes from the current white_list_sanitizer object.
def sanitized_uri_attributes
  sanitizer = white_list_sanitizer
  sanitizer.uri_attributes
end
#sanitized_uri_attributes=(attributes) ⇒ Object
Adds valid HTML attributes that the sanitize helper checks for URIs.
# Registers further attributes whose values sanitize checks as URIs. An
# attribute that can hold a URL but is missing from this set is not covered
# by that check.
Rails::Initializer.run { |config| config.action_view.sanitized_uri_attributes = ['lowsrc', 'target'] }
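# File 'lib/action_view/helpers/sanitize_helper.rb', line 185
#
# Adds +attributes+ to the HTML attributes that the sanitize helper checks
# for URIs.
#
# attributes - one attribute name or a collection of them. Array() wraps a
#              lone String, because Set#merge only takes enumerables and
#              String has not been one since Ruby 1.9.
#
# The collection that grows belongs to the HTML::WhiteListSanitizer class:
# the addition is shared by the whole process and is not written to the
# object returned by white_list_sanitizer.
def sanitized_uri_attributes=(attributes)
  HTML::WhiteListSanitizer.uri_attributes.merge(Array(attributes))
end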