Class: Qiita::Markdown::Filters::Sanitize
- Inherits:
-
HTML::Pipeline::Filter
- Object
- HTML::Pipeline::Filter
- Qiita::Markdown::Filters::Sanitize
- Defined in:
- lib/qiita/markdown/filters/sanitize.rb
Overview
Sanitizes undesirable elements by whitelist-based rule. You can pass optional :rule and :script context.
Defined Under Namespace
Classes: TransformableNode
Constant Summary collapse
- RULE =
{ attributes: { "a" => [ "href", ], "iframe" => [ "allowfullscreen", "frameborder", "height", "marginheight", "marginwidth", "scrolling", "src", "style", "width", ], "img" => [ "src", ], "div" => [ "itemscope", "itemtype", ], "script" => [ "async", "src", ], all: [ "abbr", "align", "alt", "border", "cellpadding", "cellspacing", "cite", "class", "color", "cols", "colspan", "datetime", "height", "hreflang", "id", "itemprop", "lang", "name", "tabindex", "target", "title", "width", :data, ], }, elements: [ "a", "b", "blockquote", "br", "code", "dd", "del", "div", "dl", "dt", "em", "font", "h1", "h2", "h3", "h4", "h5", "h6", "h7", "h8", "hr", "i", "img", "ins", "kbd", "li", "ol", "p", "pre", "q", "rp", "rt", "ruby", "s", "samp", "strike", "strong", "sub", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "ul", "var", ], protocols: { "a" => { "href" => [ :relative, "http", "https", ], }, "img" => { "src" => [ :relative, "http", "https", ], }, }, remove_contents: [ "script", ], transformers: TransformableNode, }
- SCRIPTABLE_RULE =
RULE.dup.tap do |rule| rule[:elements] = RULE[:elements] + ["iframe", "script"] rule[:remove_contents] = [] end
Instance Method Summary collapse
Instance Method Details
#call ⇒ Object
177 178 179 180 |
# File 'lib/qiita/markdown/filters/sanitize.rb', line 177 def call ::Sanitize.clean_node!(doc, rule) doc end |