Class: Gollum::Sanitization

Inherits:

Object

• Object
• Gollum::Sanitization

Defined in:

lib/gollum-lib/sanitization.rb

Overview

Encapsulate sanitization options.

This class does not yet support all options of Sanitize library. See github.com/rgrove/sanitize/.

Constant Summary

ELEMENTS =

Default whitelisted elements.

[
    'a', 'abbr', 'acronym', 'address', 'area', 'b', 'big',
    'blockquote', 'br', 'button', 'caption', 'center', 'cite',
    'code', 'col', 'colgroup', 'dd', 'del', 'dfn', 'dir',
    'div', 'dl', 'dt', 'em', 'fieldset', 'font', 'form', 'h1',
    'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'img', 'input',
    'ins', 'kbd', 'label', 'legend', 'li', 'map', 'mark', 'menu',
    'ol', 'optgroup', 'option', 'p', 'pre', 'q', 's', 'samp',
    'select', 'small', 'span', 'strike', 'strong', 'sub',
    'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th',
    'thead', 'tr', 'tt', 'u', 'ul', 'var'
].freeze

ATTRIBUTES =

Default whitelisted attributes.

{
    'a'   => ['href'],
    'img' => ['src'],
    :all  => ['abbr', 'accept', 'accept-charset',
              'accesskey', 'action', 'align', 'alt', 'axis',
              'border', 'cellpadding', 'cellspacing', 'char',
              'charoff', 'class', 'charset', 'checked', 'cite',
              'clear', 'cols', 'colspan', 'color',
              'compact', 'coords', 'datetime', 'dir',
              'disabled', 'enctype', 'for', 'frame',
              'headers', 'height', 'hreflang',
              'hspace', 'id', 'ismap', 'label', 'lang',
              'longdesc', 'maxlength', 'media', 'method',
              'multiple', 'name', 'nohref', 'noshade',
              'nowrap', 'prompt', 'readonly', 'rel', 'rev',
              'rows', 'rowspan', 'rules', 'scope',
              'selected', 'shape', 'size', 'span',
              'start', 'summary', 'tabindex', 'target',
              'title', 'type', 'usemap', 'valign', 'value',
              'vspace', 'width']
}.freeze

PROTOCOLS =

Default whitelisted protocols for URLs.

{
    'a'    => { 'href' => ['http', 'https', 'mailto', 'ftp', 'irc', 'apt', :relative] },
    'img'  => { 'src' => ['http', 'https', :relative] },
    'form' => { 'action' => ['http', 'https', :relative] }
}.freeze

ADD_ATTRIBUTES =

lambda do |env, node|
  if (add = env[:config][:add_attributes][node.name])
    add.each do |key, value|
      node[key] = value
    end
  end
end

REMOVE_CONTENTS =

Default elements whose contents will be removed in addition to the elements themselve

[
    'script',
    'style'
].freeze

TRANSFORMERS =

Default transformers to force @id attributes with ‘wiki-’ prefix

lambda do |env|
      node = env[:node]
      return if env[:is_whitelisted] || !node.element?
      prefix      = env[:config][:id_prefix]
      found_attrs = %w(id name).select do |key|
        if (value = node[key])
          node[key] = value.gsub(/\A(#{prefix})?/, prefix)
        end
      end
      if found_attrs.size > 0
        ADD_ATTRIBUTES.call(env, node)
        {}
      end
    end,
    lambda do |env|
      node = env[:node]
      return unless (value = node['href'])
      prefix       = env[:config][:id_prefix]
      node['href'] = value.gsub(/\A\#(#{prefix})?/, '#'+prefix)
      ADD_ATTRIBUTES.call(env, node)
      {}
    end
].freeze

Instance Attribute Summary

• #add_attributes ⇒ Object readonly

  Gets a Hash describing HTML attributes that Sanitize should add.

• #allow_comments ⇒ Object writeonly

  Sets a boolean determining whether Sanitize allows HTML comments in the output.

• #attributes ⇒ Object readonly

  Gets a Hash describing which attributes are allowed in which HTML elements.

• #elements ⇒ Object readonly

  Gets an Array of whitelisted HTML elements.

• #id_prefix ⇒ Object

  Gets or sets a String prefix which is added to ID attributes.

• #protocols ⇒ Object readonly

  Gets a Hash describing which URI protocols are allowed in HTML attributes.

• #remove_contents ⇒ Object readonly

  Gets an Array of element names whose contents will be removed in addition to the elements themselves.

• #transformers ⇒ Object readonly

  Gets a Hash describing which URI protocols are allowed in HTML attributes.

Instance Method Summary

• #allow_comments? ⇒ Boolean

  Determines if Sanitize should allow HTML comments.

• #history_sanitization ⇒ Object

  Modifies the current Sanitization instance to sanitize older revisions of pages.

• #initialize {|_self| ... } ⇒ Sanitization constructor

  A new instance of Sanitization.

• #to_hash ⇒ Object

  Builds a Hash of options suitable for Sanitize.clean.

• #to_sanitize ⇒ Object

  Builds a Sanitize instance from the current options.

Constructor Details

#initialize {|_self| ... } ⇒ Sanitization

Returns a new instance of Sanitization.

Yields:

• (_self)

Yield Parameters:

• _self (Gollum::Sanitization) —

  the object that the method was called on

# File 'lib/gollum-lib/sanitization.rb', line 124

def initialize
  @elements        = ELEMENTS.dup
  @attributes      = ATTRIBUTES.dup
  @protocols       = PROTOCOLS.dup
  @transformers    = TRANSFORMERS.dup
  @add_attributes  = {}
  @remove_contents = REMOVE_CONTENTS.dup
  @allow_comments  = false
  @id_prefix       = ''
  yield self if block_given?
end

Instance Attribute Details

#add_attributes ⇒ Object (readonly)

Gets a Hash describing HTML attributes that Sanitize should add. Default: {}

# File 'lib/gollum-lib/sanitization.rb', line 114

def add_attributes
  @add_attributes
end

#allow_comments=(value) ⇒ Object (writeonly)

Sets a boolean determining whether Sanitize allows HTML comments in the output. Default: false.

# File 'lib/gollum-lib/sanitization.rb', line 122

def allow_comments=(value)
  @allow_comments = value
end

#attributes ⇒ Object (readonly)

Gets a Hash describing which attributes are allowed in which HTML elements. Default: ATTRIBUTES.

# File 'lib/gollum-lib/sanitization.rb', line 98

def attributes
  @attributes
end

#elements ⇒ Object (readonly)

Gets an Array of whitelisted HTML elements. Default: ELEMENTS.

# File 'lib/gollum-lib/sanitization.rb', line 94

def elements
  @elements
end

#id_prefix ⇒ Object

Gets or sets a String prefix which is added to ID attributes. Default: ”

# File 'lib/gollum-lib/sanitization.rb', line 110

def id_prefix
  @id_prefix
end

#protocols ⇒ Object (readonly)

Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: PROTOCOLS

# File 'lib/gollum-lib/sanitization.rb', line 102

def protocols
  @protocols
end

#remove_contents ⇒ Object (readonly)

Gets an Array of element names whose contents will be removed in addition to the elements themselves. Default: REMOVE_CONTENTS

# File 'lib/gollum-lib/sanitization.rb', line 118

def remove_contents
  @remove_contents
end

#transformers ⇒ Object (readonly)

Gets a Hash describing which URI protocols are allowed in HTML attributes. Default: TRANSFORMERS

# File 'lib/gollum-lib/sanitization.rb', line 106

def transformers
  @transformers
end

Instance Method Details

#allow_comments? ⇒ Boolean

Determines if Sanitize should allow HTML comments.

Returns True if comments are allowed, or False.

Returns:

• (Boolean)

# File 'lib/gollum-lib/sanitization.rb', line 139

def allow_comments?
  !!@allow_comments
end

#history_sanitization ⇒ Object

Modifies the current Sanitization instance to sanitize older revisions of pages.

Returns a Sanitization instance.

# File 'lib/gollum-lib/sanitization.rb', line 147

def history_sanitization
  self.class.new do |sanitize|
    sanitize.add_attributes['a'] = { 'rel' => 'nofollow' }
  end
end

#to_hash ⇒ Object

Builds a Hash of options suitable for Sanitize.clean.

Returns a Hash.

# File 'lib/gollum-lib/sanitization.rb', line 156

def to_hash
  { :elements        => elements,
    :attributes      => attributes,
    :protocols       => protocols,
    :add_attributes  => add_attributes,
    :remove_contents => remove_contents,
    :allow_comments  => allow_comments?,
    :transformers    => transformers,
    :id_prefix       => id_prefix
  }
end

#to_sanitize ⇒ Object

Builds a Sanitize instance from the current options.

Returns a Sanitize instance.

# File 'lib/gollum-lib/sanitization.rb', line 171

def to_sanitize
  Sanitize.new(to_hash)
end