Class: Qiita::Markdown::Filters::UserInputSanitizer

Inherits:
HTML::Pipeline::Filter
  • Object
Defined in:
lib/qiita/markdown/filters/user_input_sanitizer.rb

Overview

Sanitizes the document with the RULE allowlist when the `:strict` context option is set; otherwise the document is passed through unchanged.

Defined Under Namespace

Classes: AttributeFilter

Constant Summary

# Sanitize configuration applied by #call when context[:strict] is set.
# It is an allowlist: an element outside :elements is removed (Sanitize keeps
# its text content unless the tag is also listed in :remove_contents) and an
# attribute outside :attributes is dropped.
# `.freeze` is shallow — the nested arrays and hashes remain mutable.
RULE =
{
  # Tags allowed to survive sanitization.
  elements: %w[
    a b blockquote br code dd del details div dl dt em font h1 h2 h3 h4 h5 h6
    hr i img input ins kbd li ol p pre q rp rt ruby s samp strike strong sub
    summary sup table tbody td tfoot th thead tr ul var
  ],
  # Per-element attribute allowlist; an allowed element absent from this
  # hash keeps no attributes at all.
  attributes: {
    "a"          => %w[class href rel title],
    "blockquote" => %w[cite],
    "code"       => %w[data-metadata],
    "div"        => %w[class],
    "font"       => %w[color],
    "h1"         => %w[id],
    "h2"         => %w[id],
    "h3"         => %w[id],
    "h4"         => %w[id],
    "h5"         => %w[id],
    "h6"         => %w[id],
    "img"        => %w[alt height src title width],
    "ins"        => %w[cite datetime],
    "li"         => %w[id],
    "q"          => %w[cite],
    "sup"        => %w[id],
    # `style` on table cells is further limited to the :css properties below.
    "td"         => %w[colspan rowspan style],
    "th"         => %w[colspan rowspan style],
  },
  # URL scheme allowlist for link-like attributes; :relative additionally
  # admits scheme-less (relative) URLs.
  # NOTE(review): only these three attributes are scheme-restricted. "img" src
  # and "ins" cite have no :protocols entry, so Sanitize applies no scheme check
  # to them here — confirm that is intended or covered by AttributeFilter.
  protocols: {
    "a"          => { "href" => ["http", "https", "mailto", :relative] },
    "blockquote" => { "cite" => ["http", "https", :relative] },
    "q"          => { "cite" => ["http", "https", :relative] },
  },
  # Only these CSS properties may appear in an allowed `style` attribute.
  css: {
    properties: %w[text-align],
  },
  # Elements whose inner content is discarded together with the tag
  # (other disallowed elements are unwrapped, leaving their text).
  remove_contents: %w[
    script
  ],
  # Custom per-node transformer; AttributeFilter is the nested class defined
  # in the same file (its body is not shown on this page).
  transformers: AttributeFilter,
}.freeze

Instance Method Summary

Instance Method Details

#call ⇒ Object



# File 'lib/qiita/markdown/filters/user_input_sanitizer.rb', line 95

# Runs the filter.
#
# When the pipeline context has a truthy :strict entry, the parsed document
# is sanitized in place against RULE; otherwise it is left untouched.
#
# @return [Nokogiri::HTML::DocumentFragment] the (possibly mutated) doc
def call
  return doc unless context[:strict]

  ::Sanitize.clean_node!(doc, RULE)
  doc
end